Log analysis and evaluation: W7: Worm.Brontok and much more cannot be removed (Windows 7)
22.01.2015, 16:02 | #1 |
I received a hopelessly infected USB stick from an acquaintance. In every subdirectory there was an EXE file with the name of the directory and the folder icon. That did not bode well.

Then I scanned his computer with MBAM (I know, I'm behind the times), which promptly found Brontok and various other uninvited guests. Deleted everything with MBAM, rebooted, and whoosh, they were right back again. The two logs are attached at the end.

Well, then I will have to hand this over to someone whose last successful cleanup does not lie so far in the past. Et voilà:

FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Ibrahim (administrator) on IBRAHIM-PC on 22-01-2015 15:21:34 Running from C:\Users\Ibrahim\Downloads Loaded Profiles: Ibrahim (Available profiles: Ibrahim) Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbam.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Macrovision Europe Ltd.) 
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-19] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-02] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {9ad89c64-2cd2-11e3-a830-001f3c568fb7} - E:\AutoRun.exe HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {bcdbc4be-3610-11df-8f7d-001f3c568fb7} - E:\Autoplay.exe -auto HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {c9330f59-d3c4-11e0-bb4b-001d72c7bb38} - H:\setup.exe AUTORUN=1 HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\MountPoints2: {eff93f32-360d-11df-85b3-001f3c568fb7} - F:\LaunchU3.exe -a Startup: C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 - (No Name) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363 SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363 SearchScopes: HKU\.DEFAULT -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {94F94651-8923-44EA-B578-6B70988C545C} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=f259e586000000000000001f3c568fb7&r=927 SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1572363 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) 
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\.DEFAULT -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF user.js: detected! => C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\user.js FF Extension: Adblock Plus - C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-22] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF FF Extension: Norton Vulnerability Protection - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-12-26] Chrome: ======= CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=f259e586000000000000001f3c568fb7" CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-22] CHR Extension: (Norton Identity Safe) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-10] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-19] CHR Extension: (Norton Security Toolbar) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-10] CHR Extension: (Google Wallet) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-11] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-23] (Macrovision Europe Ltd.) [File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Test1234\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Test1234\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation) [File not signed] R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys [521944 2013-12-24] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\ENG64.SYS [126040 2014-01-01] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\EX64.SYS [2099288 2014-01-01] (Symantec Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed] R3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [36352 2008-01-19] (National Semiconductor Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-23] (Duplex Secure Ltd.) 
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-25] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 tifm21; C:\Windows\System32\drivers\tifm21.sys [314880 2010-03-23] (Texas Instruments) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-22 15:21 - 2015-01-22 15:23 - 00021735 _____ () C:\Users\Ibrahim\Downloads\FRST.txt 2015-01-22 15:21 - 2015-01-22 15:21 - 00000000 ____D () C:\FRST 2015-01-22 15:19 - 2015-01-22 15:20 - 00380416 _____ () C:\Users\Ibrahim\Downloads\7u8ie45g.exe 2015-01-22 15:19 - 2015-01-22 15:19 - 02126848 _____ (Farbar) C:\Users\Ibrahim\Downloads\FRST64.exe 2015-01-22 15:15 - 2015-01-22 15:15 - 00050477 _____ () C:\Users\Ibrahim\Downloads\Defogger.exe 2015-01-22 15:15 - 2015-01-22 15:15 - 00000654 _____ () C:\Users\Ibrahim\Downloads\defogger_disable.log 2015-01-22 15:15 - 2015-01-22 15:15 - 00000216 _____ () C:\Users\Ibrahim\defogger_reenable 2015-01-22 12:40 - 2015-01-22 12:40 - 00000987 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-22 12:10 - 2015-01-22 12:10 - 00029879 _____ () C:\Users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin 2015-01-22 12:02 - 2015-01-22 15:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-22 12:01 - 2015-01-22 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Test1234 2015-01-22 12:01 - 2015-01-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Test1234 2015-01-22 12:01 - 2015-01-22 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-22 12:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-22 12:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-22 12:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-22 11:59 - 2015-01-22 12:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Ibrahim\Downloads\test1234.exe 2015-01-21 18:23 - 2015-01-21 18:23 - 00001293 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk 2015-01-21 18:23 - 2015-01-21 18:23 - 00000000 ____D () C:\ProgramData\YTD Video Downloader 2015-01-21 18:23 - 2015-01-21 18:23 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2015-01-21 18:23 - 2015-01-21 18:23 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2015-01-21 18:21 - 2015-01-21 18:21 - 00105808 _____ (GreenTree Applications SRL) C:\Users\Ibrahim\Desktop\YTDSetup.exe 2015-01-17 12:04 - 2015-01-17 12:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-16 18:27 - 2015-01-22 11:53 - 00000000 ____D () C:\Users\Ibrahim\Desktop\Jenseits 2015-01-16 17:12 - 2015-01-16 18:22 - 00006770 _____ () C:\Users\Ibrahim\Desktop\Adressen Daueraufträge.txt 2015-01-16 16:23 - 2015-01-16 16:23 - 00003198 _____ () C:\Windows\System32\Tasks\{7AB8221E-2701-4B62-90E2-E89DB6A52E6B} 2015-01-14 18:07 - 2015-01-14 20:04 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\SendBlaster2 2015-01-14 18:07 - 2015-01-14 18:07 - 00000000 ____D () C:\Users\Ibrahim\Documents\SendBlaster2 2015-01-14 18:05 - 2015-01-14 18:05 - 00002795 _____ () C:\Users\Ibrahim\Desktop\Microsoft Office Outlook 2007.lnk 2015-01-14 18:05 - 2015-01-14 18:05 - 00001914 _____ () C:\Users\Public\Desktop\SendBlaster.lnk 2015-01-14 18:05 - 2015-01-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SendBlaster 2 2015-01-14 18:04 - 2015-01-14 18:05 - 00000000 ____D () C:\Program Files (x86)\SendBlaster 2015-01-14 17:36 - 2015-01-14 18:00 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\SendBlaster3 2015-01-14 17:36 - 2015-01-14 17:36 - 00000000 ____D () C:\Users\Ibrahim\Documents\SendBlaster3 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-22 15:22 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-22 15:22 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-22 15:21 - 2010-03-23 00:42 - 02096731 _____ () C:\Windows\WindowsUpdate.log 2015-01-22 15:17 - 2014-12-12 01:32 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim.job 2015-01-22 15:17 - 2013-06-06 16:27 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2015-01-22 15:17 - 2013-05-31 16:51 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-01-22 15:17 - 2010-12-14 21:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-22 15:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-22 15:16 - 2010-03-23 02:39 - 00173614 _____ () C:\Windows\PFRO.log 2015-01-22 15:16 - 2009-07-14 05:51 - 00137420 _____ () C:\Windows\setupact.log 2015-01-22 15:15 - 2010-03-23 00:52 - 00000000 ____D () C:\Users\Ibrahim 2015-01-22 15:05 - 2010-12-14 21:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-22 14:28 - 2013-04-26 05:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-22 13:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-22 13:14 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew 2015-01-22 11:22 - 2010-03-23 02:27 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Adobe 2015-01-21 17:40 - 2010-03-23 02:18 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Adobe 2015-01-21 15:59 - 2014-12-12 01:32 - 00002972 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Ibrahim 2015-01-21 15:59 - 2014-12-12 01:32 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Ibrahim.job 2015-01-20 12:02 - 2012-07-04 11:26 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Maintenance Service 2015-01-19 23:41 - 2014-12-12 01:32 - 00002976 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Ibrahim 2015-01-19 23:41 - 2014-12-12 01:32 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Ibrahim.job 2015-01-17 11:17 - 2014-11-12 14:42 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Loc.Mail.Bron.Tok 2015-01-16 15:50 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat 2015-01-16 15:50 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat 2015-01-16 15:50 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-16 15:28 - 2013-04-26 05:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-16 15:28 - 2013-04-26 05:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-16 15:28 - 2011-06-23 15:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-16 15:13 - 2014-06-14 09:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-04 14:42 - 2010-12-14 21:20 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Google 2015-01-04 14:40 - 2012-07-04 11:26 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Mozilla 2015-01-04 14:39 - 2011-05-22 10:16 - 00000000 ____D () C:\Program Files (x86)\Athan 2015-01-04 14:33 - 2010-12-14 21:19 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Skype 2015-01-04 14:33 - 2010-12-14 21:19 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-01-22 12:10 - 2015-01-22 12:10 - 0029879 _____ () C:\Users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin 2010-04-02 15:31 - 2010-04-07 23:42 - 0016384 _____ () C:\Users\Ibrahim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-12 14:42 - 2014-11-12 14:42 - 0000051 _____ () C:\Users\Ibrahim\AppData\Local\Kosong.Bron.Tok.txt 2012-01-06 08:24 - 2012-01-06 08:24 - 0000000 _____ () 
C:\Users\Ibrahim\AppData\Local\{63000764-7767-4BA9-A44D-8321877C66FF} 2014-07-20 21:59 - 2014-07-20 21:59 - 0000000 _____ () C:\Users\Ibrahim\AppData\Local\{AC08F4B5-C54C-4411-ADBB-D78B3EF9AE29} 2010-12-14 21:21 - 2010-12-14 21:21 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some content of TEMP: ==================== C:\Users\Ibrahim\AppData\Local\Temp\UNINSTALL.EXE ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 17:02 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Ibrahim at 2015-01-22 15:24:11
Running from C:\Users\Ibrahim\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM-x32\...\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757) (Version: 1.0 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe OnLocation CS3 (HKLM-x32\...\InstallShield_{FFB278E6-2945-4FF0-8F3F-268CDD09FCF6}) (Version: 3.0.1095.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Adobe Ultra CS3 - MSL Legacy Support (HKLM-x32\...\InstallShield_{995237D9-6E24-45D9-9B06-C13AA62F518B}) (Version: - )
Adobe Ultra CS3 (HKLM-x32\...\InstallShield_{E907A385-B00D-4D03-8B16-B64F10938CE6}) (Version: 3.0.1055.0 - Adobe Systems Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
DriverIdentifier 4.2.6 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
FileZilla Client 3.7.1 (HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Free YouTube Download version 3.2.17.1125 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.17.1125 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{BA816CCA-0FEA-4A68-9AD0-4CF3D2DF40CC}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{36F289DE-F9E6-4AD3-AD37-90CCB61F1638}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Premium Sonderedition (HKLM-x32\...\MAGIX_{9ADAE3A4-87DD-4091-B5E0-24F4B6F08F3A}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Premium Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PicPick (HKLM-x32\...\PicPick) (Version: 3.1.9 - NTeWORKS)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SendBlaster 2 (HKLM-x32\...\{CF950023-9C75-4843-8B68-FD8A5D641B4B}) (Version: 002.000.13800 - eDisplay srl)
simplitec simplicheck (HKLM-x32\...\{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}) (Version: 1.2.3.0 - simplitec GmbH)
Sothink FLV Player (HKLM-x32\...\{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1) (Version: 2.1 - SourceTec Software Co., LTD)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM-x32\...\InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}) (Version: 2.00.0002 - Texas Instruments Inc.)
TIPCI (x32 Version: 2.00.0002 - Texas Instruments Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WaveLab LE 7 (HKLM-x32\...\WaveLabLE7) (Version: 7.1.0.543 - Steinberg)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YTD Video Downloader 4.8.9 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.9 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InprocServer32 -> C:\Users\Ibrahim\Desktop\FileZilla FTP Client\fzshellext_64.dll ()
CustomCLSID: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ibrahim\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05055B8C-DB28-4233-B47E-110DC48D2D31} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{DDCE906B-5761-464C-B405-92E61ECDCDE3}.exe
Task: {06177BB4-0077-41EA-82AE-C529D6D515E8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {194106B9-2CF0-4B50-9613-410465E43720} - System32\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: {198181BD-285D-4819-975A-279A409B3729} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {52AC56C7-5496-4F9F-A9F1-F0836CC6943D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {55D93B4A-E1F6-4B0A-BAF6-40E88080E2C4} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{4007B75F-547E-453A-B17A-8EB876993E98}.exe
Task: {6833939C-7485-4242-BA17-5F3BEA201719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {6C5F0D0B-95DB-4F6C-902B-7F96B403FC22} - System32\Tasks\AdobeAAMUpdater-1.0-Ibrahim-PC-Ibrahim => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {6D7C6FE9-EE8E-4A8A-A7C8-E85FF1DF9803} - System32\Tasks\{7AB8221E-2701-4B62-90E2-E89DB6A52E6B} => pcalua.exe -a "E:\Outlock Sicherung 24.06.13\Outlock Sicherung 24.06.13`.exe" -d "E:\Outlock Sicherung 24.06.13"
Task: {97991AA3-653D-47B8-A02B-63F0D06DFF40} - System32\Tasks\{E74E1A35-A9FA-4B0B-8E09-16F026067618} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {B2E7809E-1A38-4EDB-B213-22426027FA80} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {B5A02C35-02E5-46B2-9132-8DBB14BB5BA9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C56A6F03-11E3-485E-BAB4-7115F706F8B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.)
Task: {C7B98D51-30D7-4604-ABEA-687382D294C0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3353200993-3378237040-2345229884-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {D8BBA9E2-3E3B-42A3-B40A-701501D3F7FC} - System32\Tasks\ReclaimerUpdateXML_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: {DF9F103D-17F0-4A33-99A3-976192FED245} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3353200993-3378237040-2345229884-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {DF9F3FF1-2A5A-4B8B-9172-9D410DFDD6EF} - System32\Tasks\ReclaimerUpdateFiles_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: {F36B1964-D8FB-48CB-A11F-C1FF5CE99289} - System32\Tasks\{87C9F65A-9EB0-47F8-9BFF-0DCA9F8E1C80} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.116.259/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;systemlevelpresent
Task: {FE25FF37-A056-4768-B960-505D801B8C97} - System32\Tasks\RNUpgradeHelperResumePrompt_Ibrahim => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{4007B75F-547E-453A-B17A-8EB876993E98}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{DDCE906B-5761-464C-B405-92E61ECDCDE3}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Ibrahim.job => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Ibrahim.job => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim.job => C:\Users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2010-03-23 02:26 - 2007-05-11 01:31 - 00921600 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
2014-01-31 16:45 - 2014-01-31 16:45 - 00643952 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Users\Ibrahim\Desktop\FileZilla FTP Client\fzshellext_64.dll
2011-12-13 15:10 - 2007-04-13 17:20 - 00097432 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-01-17 12:04 - 2015-01-17 12:04 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-02-02 14:26 - 2014-02-02 14:26 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3353200993-3378237040-2345229884-500 - Administrator - Disabled)
Gast (S-1-5-21-3353200993-3378237040-2345229884-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3353200993-3378237040-2345229884-1003 - Limited - Enabled)
Ibrahim (S-1-5-21-3353200993-3378237040-2345229884-1000 - Administrator - Enabled) => C:\Users\Ibrahim

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 04:32:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error: (01/21/2015 04:32:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error: (01/17/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4180

Error: (01/17/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4180

Error: (01/17/2015 03:58:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2015 03:58:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1107

Error: (01/17/2015 03:58:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1107

Error: (01/17/2015 03:58:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2015 03:57:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7007674

Error: (01/17/2015 03:57:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7007674

System errors:
=============
Error: (01/22/2015 02:21:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/22/2015 00:38:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%216

Error: (01/22/2015 00:36:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%216

Error: (01/22/2015 11:59:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde nicht richtig gestartet.

Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Anwendungserfahrung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1115

Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden Fehlers nicht gestartet: %%1115

Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht gestartet: %%1115

Error: (01/22/2015 11:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "FLEXnet Licensing Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%109

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 42%
Total physical RAM: 4086.43 MB
Available physical RAM: 2335.02 MB
Total Pagefile: 10213.57 MB
Available Pagefile: 8439.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:139.28 GB) (Free:5.56 GB) NTFS
Drive z: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 34FE34FD)
Partition 1: (Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=139.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-22 15:42:53
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC31P 149,05GB
Running: 7u8ie45g.exe; Driver: C:\Users\Ibrahim\AppData\Local\Temp\fxriqfow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[1692] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[3052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [3992] entry point in ".rdata" section 000000006e3271e6
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749d1465 2 bytes [9D, 74]
.text C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749d14bb 2 bytes [9D, 74]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2eb36a0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2eb36a0@9c187452a9aa 0x02 0x2C 0x69 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xA6 0x0B 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x13 0x4C 0x23 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x12 0x74 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2eb36a0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2eb36a0@9c187452a9aa 0x02 0x2C 0x69 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xA6 0x0B 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x13 0x4C 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5B 0x12 0x74 0x26 ...

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.01.2015
Scan Time: 13:15:10
Logfile: MBAM1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.07
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Ibrahim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352910
Time Elapsed: 22 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, 2088, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3]
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, 2728, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0]
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, 2964, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Dropper, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, "C:\Users\Ibrahim\AppData\Local\smss.exe", Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa]
Hijack.FolderOptions, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [e58ac832058464d29527f736e51f60a0]

Registry Data: 0
(No malicious items detected)

Folders: 1
Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-22, Quarantined, [70ff5d9da1e864d2c13811285da64db3],

Files: 33
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3],
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0],
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858],
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\smss.exe, Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa],
Trojan.Dropper, C:\Users\Ibrahim\Documents\Documents.exe, Quarantined, [0a657e7c4b3eb28444646c0805fb6d93],
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\csrss.exe, Quarantined, [254a53a7fb8efa3cfbad472d49b74cb4],
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\inetinfo.exe, Quarantined, [fc733dbd5d2c15210f996d07aa56ad53],
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.aflt", "OC");), Replaced,[d699d52597f243f3fe67ebf009fc0ef2]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (re* If you make changes to this file while the applican exits. * * To make a ), Replaced,[95da2ad0ee9b5cda54116e6d6a9b6f91]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (while the applican exits. * * To make a manual ), Replaced,[2a45fbff66232d09cf96eeed0cf93cc4]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applica), Replaced,[630c8476fa8fc76f0e578754739211ef]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( If you make changes to this file while the appl), Replaced,[db94f90190f9a98dd491b52643c2eb15]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (If you make changes to this file while the app), Replaced,[72fdd525c4c513232d38e0fb689d01ff]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the app), Replaced,[343bad4d1b6eb97dacb901da04018977]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (If you make changes to this file while the applican ), Replaced,[83ec0eec2b5e979fd392bc1fe5206c94]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ou make changes to this file while the appli), Replaced,[214e6e8c018881b5c4a1805b31d4fa06]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the applican exits. * * To ), Replaced,[ef80609af0990b2ba6bfa23933d26898]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (his file while the applican exits. * * To make ), Replaced,[4f2041b99eebab8b6afbe0fb4cb92ad6]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exits), Replaced,[6807bc3e593071c52441617ab64fa957]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( make changes to this file while the applican ), Replaced,[442b7882b2d74ee88ed706d5cf363ac6]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (* If you make changes to this file while the applican exits. * * To make a manual change to preferences, you can visit the URL about:config ), Replaced,[7ef188722d5cf3432540e7f44bba8d73]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ferences, you can visit the URL about:config */ ), Replaced,[e08fe713b6d3a492b7aeb7248c79f010]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exit), Replaced,[3c330feb5336bf7796cf31aaba4b629e]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (u make changes to this file while the applican ), Replaced,[17586793a7e241f50065508b31d4669a]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( If you make changes to this file while the appli), Replaced,[e68949b15f2af83e9acbd4078c793cc4]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (f you make changes to this file while the applican exits. * * To mak), Replaced,[7af58c6efb8e3df98bda409b699cc739]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (his file while the applican exits. * * To make a manu), Replaced,[046bd9215e2bf4422342cb1017ee11ef]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ke changes to this file while the applican exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pr), Replaced,[620d61998aff2c0a234237a464a1837d]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ences, you can visit the URL about:config */ u), Replaced,[6c0307f3becbc37361049e3db5508779]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (you make changes to this file while the applican exits. * ), Replaced,[a6c9807a98f173c38adbf5e68d785da3]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (hanges to this file while the applican exits. * ), Replaced,[056af50568218caae67fd10a13f2e719]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=f259e586000000000000001f3c568fb7");), Replaced,[e6892ecc98f1a29468057764f51009f7]
PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (app.update.lastUpdateTime.experiments-update-timer", 1421841830); user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1421921901); u), Replaced,[fe710feb8108eb4ba9c457845baa03fd]

Physical Sectors: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.01.2015
Scan Time: 13:15:10
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.07
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Ibrahim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352910
Time Elapsed: 22 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, 2088, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3]
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, 2728, Delete-on-Reboot, [303fd822bfcab68094145c1836ca40c0]
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, 2964, Delete-on-Reboot, [0966b14970198aac5b4d81f3bb45a858]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.Dropper, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, "C:\Users\Ibrahim\AppData\Local\smss.exe", Quarantined, [402fec0e8aff4aecfeaa3e36c13f56aa]
Hijack.FolderOptions, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [e58ac832058464d29527f736e51f60a0]

Registry Data: 0
(No malicious items detected)

Folders: 1
Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-22, Quarantined, [70ff5d9da1e864d2c13811285da64db3],

Files: 33
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, Delete-on-Reboot, [70ffed0dfa8fd0666147116339c70df3],
Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, Delete-on-Reboot,
22.01.2015, 16:13 | #2 |
/// the machine /// TB trainer | W7: Worm.Brontok and many more cannot be removed
Hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download TDSSKiller.exe and save the file to the desktop.
22.01.2015, 16:33 | #3 |
| W7: Worm.Brontok and many more cannot be removed
Ah, Schrauber... as always, faster than the police allow.
YTD has been uninstalled. TDSS (part 1) says: Code:
16:24:44.0401 0x13f0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
16:24:59.0863 0x13f0 ============================================================
16:24:59.0863 0x13f0 Current date / time: 2015/01/22 16:24:59.0863
16:24:59.0863 0x13f0 SystemInfo:
16:24:59.0863 0x13f0
16:24:59.0863 0x13f0 OS Version: 6.1.7600 ServicePack: 0.0
16:24:59.0863 0x13f0 Product type: Workstation
16:24:59.0863 0x13f0 ComputerName: IBRAHIM-PC
16:24:59.0864 0x13f0 UserName: Ibrahim
16:24:59.0864 0x13f0 Windows directory: C:\Windows
16:24:59.0864 0x13f0 System windows directory: C:\Windows
16:24:59.0864 0x13f0 Running under WOW64
16:24:59.0864 0x13f0 Processor architecture: Intel x64
16:24:59.0864 0x13f0 Number of processors: 2
16:24:59.0864 0x13f0 Page size: 0x1000
16:24:59.0864 0x13f0 Boot type: Normal boot
16:24:59.0864 0x13f0 ============================================================
16:25:03.0471 0x13f0 KLMD registered as C:\Windows\system32\drivers\25372623.sys
16:25:03.0941 0x13f0 System UUID: {53297C04-C354-6EDD-72CB-ABC51022CF6D}
16:25:05.0143 0x13f0 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:05.0158 0x13f0 ============================================================
16:25:05.0158 0x13f0 \Device\Harddisk0\DR0:
16:25:05.0158 0x13f0 MBR partitions:
16:25:05.0158 0x13f0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x11690800
16:25:05.0158 0x13f0 ============================================================
16:25:05.0181 0x13f0 C: <-> \Device\Harddisk0\DR0\Partition1
16:25:05.0182 0x13f0 ============================================================
16:25:05.0182 0x13f0 Initialize success
16:25:05.0182 0x13f0 ============================================================
16:25:07.0666 0x11b0 ============================================================
16:25:07.0666 0x11b0 Scan started
16:25:07.0666 0x11b0 Mode: Manual;
16:25:07.0666 0x11b0 ============================================================
16:25:07.0666 0x11b0 KSN ping started
16:25:10.0896 0x11b0 KSN ping finished: true
16:25:12.0924 0x11b0 ================ Scan system memory ========================
16:25:12.0924 0x11b0 System memory - ok
C:\Windows\system32\fdrespub.dll 16:25:20.0783 0x11b0 FDResPub - ok 16:25:20.0814 0x11b0 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:25:20.0817 0x11b0 FileInfo - ok 16:25:20.0828 0x11b0 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:25:20.0830 0x11b0 Filetrace - ok 16:25:21.0059 0x11b0 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 16:25:21.0212 0x11b0 FirebirdServerMAGIXInstance - ok 16:25:21.0279 0x11b0 [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:25:21.0301 0x11b0 FLEXnet Licensing Service - ok 16:25:21.0323 0x11b0 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:25:21.0324 0x11b0 flpydisk - ok 16:25:21.0370 0x11b0 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:25:21.0380 0x11b0 FltMgr - ok 16:25:21.0493 0x11b0 [ CB5E4B9C319E3C6BB363EB7E58A4A051, C9DCF2C2A6AFE0A0F3E23A265843D0C423C08B2E54702C5B389CF293D9A6BAC5 ] FontCache C:\Windows\system32\FntCache.dll 16:25:21.0533 0x11b0 FontCache - ok 16:25:21.0598 0x11b0 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:25:21.0601 0x11b0 FontCache3.0.0.0 - ok 16:25:21.0622 0x11b0 [ D43703496149971890703B4B1B723EAC, 
F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:25:21.0626 0x11b0 FsDepends - ok 16:25:21.0676 0x11b0 [ D3E3F93D67821A2DB2B3D9FAC2DC2064, 727FAA7E15A20ED3A37668D294ABDE6EAF1C87C34EE283C99EE3303E85001404 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:25:21.0678 0x11b0 Fs_Rec - ok 16:25:21.0733 0x11b0 [ AE87BA80D0EC3B57126ED2CDC15B24ED, 7E0EA3CDB78054D9A4E3B5142305943F2914536D80B8FC363414C8838D51D56C ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:25:21.0745 0x11b0 fvevol - ok 16:25:21.0783 0x11b0 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:25:21.0788 0x11b0 gagp30kx - ok 16:25:21.0863 0x11b0 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll 16:25:21.0903 0x11b0 gpsvc - ok 16:25:22.0092 0x11b0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:25:22.0097 0x11b0 gupdate - ok 16:25:22.0110 0x11b0 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:25:22.0115 0x11b0 gupdatem - ok 16:25:22.0148 0x11b0 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:25:22.0151 0x11b0 hcw85cir - ok 16:25:22.0206 0x11b0 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:25:22.0225 0x11b0 HdAudAddService - ok 16:25:22.0258 0x11b0 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus 
C:\Windows\system32\DRIVERS\HDAudBus.sys 16:25:22.0265 0x11b0 HDAudBus - ok 16:25:22.0296 0x11b0 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:25:22.0298 0x11b0 HidBatt - ok 16:25:22.0327 0x11b0 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:25:22.0334 0x11b0 HidBth - ok 16:25:22.0369 0x11b0 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:25:22.0373 0x11b0 HidIr - ok 16:25:22.0405 0x11b0 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 16:25:22.0409 0x11b0 hidserv - ok 16:25:22.0447 0x11b0 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:25:22.0450 0x11b0 HidUsb - ok 16:25:22.0484 0x11b0 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll 16:25:22.0491 0x11b0 hkmsvc - ok 16:25:22.0526 0x11b0 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:25:22.0541 0x11b0 HomeGroupListener - ok 16:25:22.0581 0x11b0 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:25:22.0593 0x11b0 HomeGroupProvider - ok 16:25:22.0631 0x11b0 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 16:25:22.0636 0x11b0 HpSAMD - ok 16:25:22.0771 0x11b0 [ 8774D021A3FFFE44150F8510381DEEE6, 
A72D2FBCE94A147F26410CE9DCE46FAF428F3A7075CCEF739CEA0A9F61F21A77 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 16:25:22.0824 0x11b0 HSF_DPV - ok 16:25:22.0902 0x11b0 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:25:22.0942 0x11b0 HTTP - ok 16:25:22.0964 0x11b0 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:25:22.0966 0x11b0 hwpolicy - ok 16:25:23.0020 0x11b0 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:25:23.0026 0x11b0 i8042prt - ok 16:25:23.0123 0x11b0 [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:25:23.0145 0x11b0 iaStorV - ok 16:25:23.0262 0x11b0 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:25:23.0292 0x11b0 idsvc - ok 16:25:23.0464 0x11b0 [ D7CB14B41DA52DF2EC143768E02F0E97, 97D6A49CA10508454F487F87F14249AE11646E365E89E3A2854AE05834DE9575 ] IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys 16:25:23.0482 0x11b0 IDSVia64 - ok 16:25:23.0837 0x11b0 [ 24CC43ECDEEFD4C19FBBEE4951B647F1, 416799965E6602F8F03E2A92E8BB42B1D5643C65EF09815FC5A56A2FA73E6773 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:25:24.0185 0x11b0 igfx - ok 16:25:24.0247 0x11b0 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:25:24.0249 0x11b0 iirsp - ok 16:25:24.0354 0x11b0 [ 2F95BEF56AEEEB45DE55EC44668E2695, 
A846FA2A4A426252EA351B593E8C887BFE02EB137E9F0C9AEB094465A4555235 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 16:25:24.0360 0x11b0 IJPLMSVC - ok 16:25:24.0438 0x11b0 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll 16:25:24.0462 0x11b0 IKEEXT - ok 16:25:24.0480 0x11b0 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 16:25:24.0482 0x11b0 intelide - ok 16:25:24.0517 0x11b0 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:25:24.0520 0x11b0 intelppm - ok 16:25:24.0551 0x11b0 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:25:24.0558 0x11b0 IPBusEnum - ok 16:25:24.0582 0x11b0 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:25:24.0586 0x11b0 IpFilterDriver - ok 16:25:24.0636 0x11b0 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:25:24.0656 0x11b0 iphlpsvc - ok 16:25:24.0702 0x11b0 [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 16:25:24.0706 0x11b0 IPMIDRV - ok 16:25:24.0730 0x11b0 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:25:24.0737 0x11b0 IPNAT - ok 16:25:24.0774 0x11b0 [ 05360B1EA5A2ABF620D1D96EBD8BD8F1, 226185C9ED1F6367BE4937734FF528D1EAAC1F0F85E4735EE66B244C15FC8EAF ] irda C:\Windows\system32\DRIVERS\irda.sys 16:25:24.0781 0x11b0 irda - 
ok 16:25:24.0812 0x11b0 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:25:24.0814 0x11b0 IRENUM - ok 16:25:24.0849 0x11b0 [ 3848384AB383F0A8F506C4370635C1F9, A18BAAAD42CFC5B33D8108875D1FC1A424351B6901798E7B2A5EB82C4C0F89AC ] Irmon C:\Windows\System32\irmon.dll 16:25:24.0855 0x11b0 Irmon - ok 16:25:24.0886 0x11b0 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 16:25:24.0889 0x11b0 isapnp - ok 16:25:24.0941 0x11b0 [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:25:24.0954 0x11b0 iScsiPrt - ok 16:25:24.0986 0x11b0 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:25:24.0990 0x11b0 kbdclass - ok 16:25:25.0029 0x11b0 [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:25:25.0031 0x11b0 kbdhid - ok 16:25:25.0061 0x11b0 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso C:\Windows\system32\lsass.exe 16:25:25.0065 0x11b0 KeyIso - ok 16:25:25.0124 0x11b0 [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:25:25.0130 0x11b0 KSecDD - ok 16:25:25.0159 0x11b0 [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:25:25.0168 0x11b0 KSecPkg - ok 16:25:25.0200 0x11b0 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 
16:25:25.0202 0x11b0 ksthunk - ok 16:25:25.0252 0x11b0 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:25:25.0275 0x11b0 KtmRm - ok 16:25:25.0362 0x11b0 [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer C:\Windows\system32\srvsvc.dll 16:25:25.0376 0x11b0 LanmanServer - ok 16:25:25.0419 0x11b0 [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:25:25.0428 0x11b0 LanmanWorkstation - ok 16:25:25.0464 0x11b0 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:25:25.0468 0x11b0 lltdio - ok 16:25:25.0527 0x11b0 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:25:25.0546 0x11b0 lltdsvc - ok 16:25:25.0571 0x11b0 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:25:25.0576 0x11b0 lmhosts - ok 16:25:25.0625 0x11b0 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:25:25.0632 0x11b0 LSI_FC - ok 16:25:25.0663 0x11b0 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:25:25.0670 0x11b0 LSI_SAS - ok 16:25:25.0695 0x11b0 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:25:25.0699 0x11b0 LSI_SAS2 - ok 16:25:25.0738 0x11b0 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] 
LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:25:25.0745 0x11b0 LSI_SCSI - ok 16:25:25.0772 0x11b0 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 16:25:25.0781 0x11b0 luafv - ok 16:25:25.0863 0x11b0 [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:25:25.0865 0x11b0 MBAMProtector - ok 16:25:26.0085 0x11b0 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files (x86)\Test1234\mbamscheduler.exe 16:25:26.0168 0x11b0 MBAMScheduler - ok 16:25:26.0238 0x11b0 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files (x86)\Test1234\mbamservice.exe 16:25:26.0272 0x11b0 MBAMService - ok 16:25:26.0379 0x11b0 [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 16:25:26.0387 0x11b0 MBAMSwissArmy - ok 16:25:26.0431 0x11b0 [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 16:25:26.0436 0x11b0 MBAMWebAccessControl - ok 16:25:26.0472 0x11b0 [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:25:26.0479 0x11b0 Mcx2Svc - ok 16:25:26.0572 0x11b0 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 16:25:26.0590 0x11b0 MDM - ok 16:25:26.0616 0x11b0 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk 
C:\Windows\system32\DRIVERS\mdmxsdk.sys 16:25:26.0618 0x11b0 mdmxsdk - ok 16:25:26.0643 0x11b0 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:25:26.0645 0x11b0 megasas - ok 16:25:26.0700 0x11b0 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:25:26.0716 0x11b0 MegaSR - ok 16:25:26.0818 0x11b0 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 16:25:26.0823 0x11b0 Microsoft Office Groove Audit Service - ok 16:25:26.0847 0x11b0 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 16:25:26.0853 0x11b0 MMCSS - ok 16:25:26.0873 0x11b0 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 16:25:26.0876 0x11b0 Modem - ok 16:25:26.0914 0x11b0 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:25:26.0917 0x11b0 monitor - ok 16:25:26.0945 0x11b0 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:25:26.0949 0x11b0 mouclass - ok 16:25:26.0987 0x11b0 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:25:26.0990 0x11b0 mouhid - ok 16:25:27.0020 0x11b0 [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:25:27.0025 0x11b0 mountmgr - ok 
16:25:27.0122 0x11b0 [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:25:27.0129 0x11b0 MozillaMaintenance - ok 16:25:27.0170 0x11b0 [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 16:25:27.0179 0x11b0 mpio - ok 16:25:27.0222 0x11b0 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:25:27.0227 0x11b0 mpsdrv - ok 16:25:27.0312 0x11b0 [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll 16:25:27.0352 0x11b0 MpsSvc - ok 16:25:27.0385 0x11b0 [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:25:27.0393 0x11b0 MRxDAV - ok 16:25:27.0447 0x11b0 [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:25:27.0456 0x11b0 mrxsmb - ok 16:25:27.0529 0x11b0 [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:25:27.0546 0x11b0 mrxsmb10 - ok 16:25:27.0571 0x11b0 [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:25:27.0578 0x11b0 mrxsmb20 - ok 16:25:27.0594 0x11b0 [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 16:25:27.0596 0x11b0 msahci - ok 16:25:27.0626 0x11b0 [ 8D27B597229AED79430FB9DB3BCBFBD0, 
3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 16:25:27.0634 0x11b0 msdsm - ok 16:25:27.0687 0x11b0 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 16:25:27.0697 0x11b0 MSDTC - ok 16:25:27.0750 0x11b0 [ 72949A24D37A20A54B3D4D3DADBB55E9, 580B59EF2DFA4F6EE27BA37904F0705CBCD74F9B07D2D795093C045F94AE6DB5 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys 16:25:27.0755 0x11b0 MSDV - ok 16:25:27.0780 0x11b0 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:25:27.0782 0x11b0 Msfs - ok 16:25:27.0808 0x11b0 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:25:27.0810 0x11b0 mshidkmdf - ok 16:25:27.0824 0x11b0 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 16:25:27.0826 0x11b0 msisadrv - ok 16:25:27.0859 0x11b0 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:25:27.0870 0x11b0 MSiSCSI - ok 16:25:27.0879 0x11b0 msiserver - ok 16:25:27.0911 0x11b0 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:25:27.0912 0x11b0 MSKSSRV - ok 16:25:27.0931 0x11b0 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:25:27.0933 0x11b0 MSPCLOCK - ok 16:25:27.0952 0x11b0 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:25:27.0954 0x11b0 MSPQM - ok 
16:25:28.0017 0x11b0 [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:25:28.0037 0x11b0 MsRPC - ok 16:25:28.0061 0x11b0 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:25:28.0063 0x11b0 mssmbios - ok 16:25:28.0103 0x11b0 [ 966EC55988D580B9823C453781309450, 52942A68A3DE6C6A9730D27667A0AAA35B65889C37B243B83CC9B54DFAFE4A2D ] MSTAPE C:\Windows\system32\DRIVERS\mstape.sys 16:25:28.0107 0x11b0 MSTAPE - ok 16:25:28.0161 0x11b0 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:25:28.0163 0x11b0 MSTEE - ok 16:25:28.0185 0x11b0 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:25:28.0187 0x11b0 MTConfig - ok 16:25:28.0218 0x11b0 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 16:25:28.0223 0x11b0 Mup - ok 16:25:28.0277 0x11b0 [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent C:\Windows\system32\qagentRT.dll 16:25:28.0307 0x11b0 napagent - ok 16:25:28.0376 0x11b0 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:25:28.0394 0x11b0 NativeWifiP - ok 16:25:28.0553 0x11b0 [ 702E07EC32F96ACDB873E9A5465D4401, 2C6B1C8BA0BF4791AEA064062DCA3678AE4443DF19DB37D6CB55BA6297D8A238 ] NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\ENG64.SYS 16:25:28.0562 0x11b0 NAVENG - ok 16:25:28.0777 0x11b0 [ 302EA314A1AF0D7CEF0A3D0195F79561, 
046DBC2D9D028F2D2E8BAE745CA2ADEF42741689BFF743A13B81EA4228DDCDC6 ] NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\EX64.SYS 16:25:29.0005 0x11b0 NAVEX15 - ok 16:25:29.0104 0x11b0 [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS C:\Windows\system32\drivers\ndis.sys 16:25:29.0151 0x11b0 NDIS - ok 16:25:29.0181 0x11b0 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:25:29.0184 0x11b0 NdisCap - ok 16:25:29.0226 0x11b0 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:25:29.0227 0x11b0 NdisTapi - ok 16:25:29.0237 0x11b0 [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:25:29.0240 0x11b0 Ndisuio - ok 16:25:29.0262 0x11b0 [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:25:29.0268 0x11b0 NdisWan - ok 16:25:29.0289 0x11b0 [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:25:29.0292 0x11b0 NDProxy - ok 16:25:29.0363 0x11b0 [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 16:25:29.0365 0x11b0 Netaapl - ok 16:25:29.0416 0x11b0 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:25:29.0420 0x11b0 NetBIOS - ok 16:25:29.0452 0x11b0 [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT 
|
22.01.2015, 16:33 | #4 |
| W7: Worm.Brontok and much more cannot be removed TDSS (Part 2): Code:
16:25:46.0444 0x11b0 Waiting for KSN requests completion. In queue: 89
16:25:47.0444 0x11b0 Waiting for KSN requests completion. In queue: 89
16:25:48.0444 0x11b0 Waiting for KSN requests completion. In queue: 89
16:25:49.0444 0x11b0 Waiting for KSN requests completion. In queue: 89
16:25:50.0726 0x11b0 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x50010 ( disabled : outofdate )
16:25:50.0728 0x11b0 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x50010 ( disabled )
16:25:50.0799 0x11b0 Win FW state via NFP2: enabled
16:25:53.0684 0x11b0 ============================================================
16:25:53.0684 0x11b0 Scan finished
16:25:53.0684 0x11b0 ============================================================
16:25:53.0705 0x1360 Detected object count: 0
16:25:53.0705 0x1360 Actual detected object count: 0
16:28:37.0488 0x0760 ============================================================
16:28:37.0488 0x0760 Scan started
16:28:37.0488 0x0760 Mode: Manual;
16:28:37.0488 0x0760 ============================================================
16:28:37.0488 0x0760 KSN ping started
16:28:40.0031 0x0760 KSN ping finished: true
16:28:41.0705 0x0760 ================ Scan system memory ========================
16:28:41.0706 0x0760 System memory - ok
16:28:41.0711 0x0760 ================ Scan services =============================
16:28:49.0734 0x0760 Fs_Rec - ok 16:28:49.0778 0x0760 [ AE87BA80D0EC3B57126ED2CDC15B24ED, 7E0EA3CDB78054D9A4E3B5142305943F2914536D80B8FC363414C8838D51D56C ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:28:49.0788 0x0760 fvevol - ok 16:28:49.0817 0x0760 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:28:49.0821 0x0760 gagp30kx - ok 16:28:49.0897 0x0760 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll 16:28:49.0932 0x0760 gpsvc - ok 16:28:50.0037 0x0760 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:28:50.0042 0x0760 gupdate - ok 16:28:50.0054 0x0760 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:28:50.0060 0x0760 gupdatem - ok 16:28:50.0093 0x0760 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:28:50.0095 0x0760 hcw85cir - ok 16:28:50.0151 0x0760 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:28:50.0166 0x0760 HdAudAddService - ok 16:28:50.0192 0x0760 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:28:50.0198 0x0760 HDAudBus - ok 16:28:50.0229 0x0760 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:28:50.0231 0x0760 HidBatt - ok 16:28:50.0261 0x0760 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 
94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:28:50.0266 0x0760 HidBth - ok 16:28:50.0314 0x0760 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:28:50.0317 0x0760 HidIr - ok 16:28:50.0349 0x0760 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 16:28:50.0353 0x0760 hidserv - ok 16:28:50.0381 0x0760 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:28:50.0383 0x0760 HidUsb - ok 16:28:50.0418 0x0760 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll 16:28:50.0424 0x0760 hkmsvc - ok 16:28:50.0460 0x0760 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:28:50.0473 0x0760 HomeGroupListener - ok 16:28:50.0515 0x0760 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:28:50.0526 0x0760 HomeGroupProvider - ok 16:28:50.0553 0x0760 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 16:28:50.0559 0x0760 HpSAMD - ok 16:28:50.0690 0x0760 [ 8774D021A3FFFE44150F8510381DEEE6, A72D2FBCE94A147F26410CE9DCE46FAF428F3A7075CCEF739CEA0A9F61F21A77 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 16:28:50.0728 0x0760 HSF_DPV - ok 16:28:50.0777 0x0760 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:28:50.0794 0x0760 HTTP - ok 16:28:50.0808 
0x0760 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:28:50.0809 0x0760 hwpolicy - ok 16:28:50.0840 0x0760 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:28:50.0843 0x0760 i8042prt - ok 16:28:50.0924 0x0760 [ B75E45C564E944A2657167D197AB29DA, 622EA73F4D9CAE17628C18148FB241817A0AE6D80A74B099204ED27C1A750B24 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:28:50.0942 0x0760 iaStorV - ok 16:28:51.0062 0x0760 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:28:51.0099 0x0760 idsvc - ok 16:28:51.0253 0x0760 [ D7CB14B41DA52DF2EC143768E02F0E97, 97D6A49CA10508454F487F87F14249AE11646E365E89E3A2854AE05834DE9575 ] IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys 16:28:51.0276 0x0760 IDSVia64 - ok 16:28:51.0627 0x0760 [ 24CC43ECDEEFD4C19FBBEE4951B647F1, 416799965E6602F8F03E2A92E8BB42B1D5643C65EF09815FC5A56A2FA73E6773 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:28:51.0763 0x0760 igfx - ok 16:28:51.0814 0x0760 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:28:51.0816 0x0760 iirsp - ok 16:28:51.0900 0x0760 [ 2F95BEF56AEEEB45DE55EC44668E2695, A846FA2A4A426252EA351B593E8C887BFE02EB137E9F0C9AEB094465A4555235 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 16:28:51.0905 0x0760 IJPLMSVC - ok 16:28:51.0975 0x0760 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll 16:28:52.0013 0x0760 IKEEXT - ok 16:28:52.0037 0x0760 [ 
F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 16:28:52.0039 0x0760 intelide - ok 16:28:52.0075 0x0760 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:28:52.0078 0x0760 intelppm - ok 16:28:52.0110 0x0760 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:28:52.0116 0x0760 IPBusEnum - ok 16:28:52.0140 0x0760 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:28:52.0145 0x0760 IpFilterDriver - ok 16:28:52.0202 0x0760 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:28:52.0229 0x0760 iphlpsvc - ok 16:28:52.0271 0x0760 [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 16:28:52.0275 0x0760 IPMIDRV - ok 16:28:52.0309 0x0760 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:28:52.0315 0x0760 IPNAT - ok 16:28:52.0341 0x0760 [ 05360B1EA5A2ABF620D1D96EBD8BD8F1, 226185C9ED1F6367BE4937734FF528D1EAAC1F0F85E4735EE66B244C15FC8EAF ] irda C:\Windows\system32\DRIVERS\irda.sys 16:28:52.0347 0x0760 irda - ok 16:28:52.0369 0x0760 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:28:52.0371 0x0760 IRENUM - ok 16:28:52.0395 0x0760 [ 3848384AB383F0A8F506C4370635C1F9, A18BAAAD42CFC5B33D8108875D1FC1A424351B6901798E7B2A5EB82C4C0F89AC ] Irmon C:\Windows\System32\irmon.dll 
16:28:52.0398 0x0760 Irmon - ok 16:28:52.0420 0x0760 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 16:28:52.0422 0x0760 isapnp - ok 16:28:52.0476 0x0760 [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:28:52.0486 0x0760 iScsiPrt - ok 16:28:52.0510 0x0760 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:28:52.0513 0x0760 kbdclass - ok 16:28:52.0530 0x0760 [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:28:52.0532 0x0760 kbdhid - ok 16:28:52.0551 0x0760 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] KeyIso C:\Windows\system32\lsass.exe 16:28:52.0555 0x0760 KeyIso - ok 16:28:52.0614 0x0760 [ 4F4B5FDE429416877DE7143044582EB5, A28FFEA078DBD91F3CC28088810EEEB727107B3F0F48370B44D87DC8F8C55B99 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:28:52.0619 0x0760 KSecDD - ok 16:28:52.0649 0x0760 [ 6F40465A44ECDC1731BEFAFEC5BDD03C, 317334D414D0AF73CB4D9CA11EA80C641E786760B8800F2795D0CB38378DBB80 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:28:52.0656 0x0760 KSecPkg - ok 16:28:52.0679 0x0760 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:28:52.0681 0x0760 ksthunk - ok 16:28:52.0731 0x0760 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:28:52.0750 0x0760 KtmRm - ok 16:28:52.0819 0x0760 [ 81F1D04D4D0E433099365127375FD501, C2A81B5A482C974E8108806486EC28CB2D81400D42639682FE7B7A9BDF14BA9B ] LanmanServer 
C:\Windows\system32\srvsvc.dll 16:28:52.0833 0x0760 LanmanServer - ok 16:28:52.0876 0x0760 [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:28:52.0885 0x0760 LanmanWorkstation - ok 16:28:52.0910 0x0760 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:28:52.0913 0x0760 lltdio - ok 16:28:52.0962 0x0760 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:28:52.0977 0x0760 lltdsvc - ok 16:28:52.0995 0x0760 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:28:52.0998 0x0760 lmhosts - ok 16:28:53.0048 0x0760 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:28:53.0054 0x0760 LSI_FC - ok 16:28:53.0078 0x0760 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:28:53.0083 0x0760 LSI_SAS - ok 16:28:53.0107 0x0760 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:28:53.0111 0x0760 LSI_SAS2 - ok 16:28:53.0139 0x0760 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:28:53.0145 0x0760 LSI_SCSI - ok 16:28:53.0173 0x0760 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 16:28:53.0179 0x0760 luafv - ok 16:28:53.0231 0x0760 [ CA43F8904E24BBE49982E4C0B29E6579, 
2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:28:53.0232 0x0760 MBAMProtector - ok 16:28:53.0430 0x0760 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files (x86)\Test1234\mbamscheduler.exe 16:28:53.0474 0x0760 MBAMScheduler - ok 16:28:53.0535 0x0760 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files (x86)\Test1234\mbamservice.exe 16:28:53.0558 0x0760 MBAMService - ok 16:28:53.0622 0x0760 [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 16:28:53.0626 0x0760 MBAMSwissArmy - ok 16:28:53.0677 0x0760 [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 16:28:53.0681 0x0760 MBAMWebAccessControl - ok 16:28:53.0717 0x0760 [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:28:53.0724 0x0760 Mcx2Svc - ok 16:28:53.0806 0x0760 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 16:28:53.0821 0x0760 MDM - ok 16:28:53.0839 0x0760 [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 16:28:53.0841 0x0760 mdmxsdk - ok 16:28:53.0866 0x0760 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:28:53.0868 0x0760 megasas - ok 16:28:53.0924 0x0760 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 
85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:28:53.0936 0x0760 MegaSR - ok 16:28:54.0030 0x0760 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 16:28:54.0034 0x0760 Microsoft Office Groove Audit Service - ok 16:28:54.0081 0x0760 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 16:28:54.0087 0x0760 MMCSS - ok 16:28:54.0108 0x0760 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 16:28:54.0111 0x0760 Modem - ok 16:28:54.0123 0x0760 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:28:54.0125 0x0760 monitor - ok 16:28:54.0147 0x0760 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:28:54.0150 0x0760 mouclass - ok 16:28:54.0188 0x0760 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:28:54.0190 0x0760 mouhid - ok 16:28:54.0221 0x0760 [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:28:54.0225 0x0760 mountmgr - ok 16:28:54.0290 0x0760 [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:28:54.0295 0x0760 MozillaMaintenance - ok 16:28:54.0327 0x0760 [ 609D1D87649ECC19796F4D76D4C15CEA, 
5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys 16:28:54.0335 0x0760 mpio - ok 16:28:54.0368 0x0760 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:28:54.0372 0x0760 mpsdrv - ok 16:28:54.0457 0x0760 [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll 16:28:54.0495 0x0760 MpsSvc - ok 16:28:54.0530 0x0760 [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:28:54.0537 0x0760 MRxDAV - ok 16:28:54.0593 0x0760 [ 040D62A9D8AD28922632137ACDD984F2, D9457BDA88C2E3AA4E716C0657B77A4A3E212328CDABD5C18279B6440E1C1594 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:28:54.0600 0x0760 mrxsmb - ok 16:28:54.0664 0x0760 [ F0067552F8F9B33D7C59403AB808A3CB, 698B63528E1943BB4253BF7578DC128AA824C71BD04FF0521277E68B20656C02 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:28:54.0677 0x0760 mrxsmb10 - ok 16:28:54.0705 0x0760 [ 3C142D31DE9F2F193218A53FE2632051, 026B3A932A95D5160B64E470FC414F3D388D429317D5EAEA2D476F715C4CAE75 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:28:54.0711 0x0760 mrxsmb20 - ok 16:28:54.0728 0x0760 [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 16:28:54.0730 0x0760 msahci - ok 16:28:54.0772 0x0760 [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 16:28:54.0778 0x0760 msdsm - ok 16:28:54.0832 0x0760 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 16:28:54.0841 0x0760 MSDTC - ok 16:28:54.0873 0x0760 [ 
72949A24D37A20A54B3D4D3DADBB55E9, 580B59EF2DFA4F6EE27BA37904F0705CBCD74F9B07D2D795093C045F94AE6DB5 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys 16:28:54.0877 0x0760 MSDV - ok 16:28:54.0903 0x0760 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:28:54.0905 0x0760 Msfs - ok 16:28:54.0921 0x0760 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:28:54.0922 0x0760 mshidkmdf - ok 16:28:54.0936 0x0760 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 16:28:54.0938 0x0760 msisadrv - ok 16:28:54.0971 0x0760 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:28:54.0980 0x0760 MSiSCSI - ok 16:28:54.0989 0x0760 msiserver - ok 16:28:55.0012 0x0760 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:28:55.0014 0x0760 MSKSSRV - ok 16:28:55.0054 0x0760 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:28:55.0056 0x0760 MSPCLOCK - ok 16:28:55.0076 0x0760 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:28:55.0077 0x0760 MSPQM - ok 16:28:55.0129 0x0760 [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:28:55.0145 0x0760 MsRPC - ok 16:28:55.0173 0x0760 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios 
C:\Windows\system32\DRIVERS\mssmbios.sys 16:28:55.0175 0x0760 mssmbios - ok 16:28:55.0215 0x0760 [ 966EC55988D580B9823C453781309450, 52942A68A3DE6C6A9730D27667A0AAA35B65889C37B243B83CC9B54DFAFE4A2D ] MSTAPE C:\Windows\system32\DRIVERS\mstape.sys 16:28:55.0218 0x0760 MSTAPE - ok 16:28:55.0240 0x0760 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:28:55.0241 0x0760 MSTEE - ok 16:28:55.0264 0x0760 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:28:55.0266 0x0760 MTConfig - ok 16:28:55.0297 0x0760 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 16:28:55.0301 0x0760 Mup - ok 16:28:55.0356 0x0760 [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent C:\Windows\system32\qagentRT.dll 16:28:55.0374 0x0760 napagent - ok 16:28:55.0405 0x0760 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:28:55.0415 0x0760 NativeWifiP - ok 16:28:55.0565 0x0760 [ 702E07EC32F96ACDB873E9A5465D4401, 2C6B1C8BA0BF4791AEA064062DCA3678AE4443DF19DB37D6CB55BA6297D8A238 ] NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\ENG64.SYS 16:28:55.0571 0x0760 NAVENG - ok 16:28:55.0802 0x0760 [ 302EA314A1AF0D7CEF0A3D0195F79561, 046DBC2D9D028F2D2E8BAE745CA2ADEF42741689BFF743A13B81EA4228DDCDC6 ] NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\EX64.SYS 16:28:55.0858 0x0760 NAVEX15 - ok 16:28:55.0993 0x0760 [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS 
C:\Windows\system32\drivers\ndis.sys 16:28:56.0030 0x0760 NDIS - ok 16:28:56.0048 0x0760 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:28:56.0050 0x0760 NdisCap - ok 16:28:56.0081 0x0760 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:28:56.0083 0x0760 NdisTapi - ok 16:28:56.0094 0x0760 [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:28:56.0096 0x0760 Ndisuio - ok 16:28:56.0117 0x0760 [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:28:56.0122 0x0760 NdisWan - ok 16:28:56.0134 0x0760 [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:28:56.0136 0x0760 NDProxy - ok 16:28:56.0185 0x0760 [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 16:28:56.0187 0x0760 Netaapl - ok 16:28:56.0216 0x0760 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:28:56.0219 0x0760 NetBIOS - ok 16:28:56.0253 0x0760 [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:28:56.0265 0x0760 NetBT - ok 16:28:56.0284 0x0760 [ 156F6159457D0AA7E59B62681B56EB90, 27B855BF79490E4CC58D38A920C077A56785494BFFF0B448A898486009B24937 ] Netlogon C:\Windows\system32\lsass.exe 16:28:56.0288 0x0760 Netlogon - ok 16:28:56.0338 0x0760 [ 847D3AE376C0817161A14A82C8922A9E, 
37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 16:28:56.0357 0x0760 Netman - ok 16:28:56.0393 0x0760 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 16:28:56.0416 0x0760 netprofm - ok 16:28:56.0458 0x0760 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:28:56.0461 0x0760 NetTcpPortSharing - ok 16:28:56.0744 0x0760 [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 16:28:56.0866 0x0760 netw5v64 - ok 16:28:56.0932 0x0760 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:28:56.0935 0x0760 nfrd960 - ok 16:28:57.0146 0x0760 [ 2393ACEBBCFF7BAFF04EB60C96914E17, DE97BEE4B8454D86B1CF8E2748CFFB3A1560CE962E1F3611E5B3542C1496A038 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe 16:28:57.0158 0x0760 NIS - ok 16:28:57.0216 0x0760 [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll 16:28:57.0232 0x0760 NlaSvc - ok 16:28:57.0259 0x0760 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:28:57.0262 0x0760 Npfs - ok 16:28:57.0289 0x0760 [ 228C7CF50A584DD58E72FCEFAC7D8914, DD5BF3B09952BE9D7EFD6B27398A36B1DF992807CF03503BA4D2AC21B3679791 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys 16:28:57.0291 0x0760 NSCIRDA - ok 16:28:57.0315 0x0760 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi 
C:\Windows\system32\nsisvc.dll 16:28:57.0320 0x0760 nsi - ok 16:28:57.0333 0x0760 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:28:57.0335 0x0760 nsiproxy - ok 16:28:57.0485 0x0760 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC, 2A78A36A729B271FE54A54E507EBC9AD9B9D764DBCB58AC3CBB8FC76D0075391 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:28:57.0523 0x0760 Ntfs - ok 16:28:57.0561 0x0760 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 16:28:57.0562 0x0760 Null - ok 16:28:57.0612 0x0760 [ A4D9C9A608A97F59307C2F2600EDC6A4, D786F4CA2D10BAC31CE14A338C442F7027D4BB2E955AB99BC44C2F241D383BBE ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:28:57.0617 0x0760 nvraid - ok 16:28:57.0678 0x0760 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9, 8D5337742A0F5B04D636C163CE77D4A9B3684CF81170026912A402513B44BA77 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:28:57.0686 0x0760 nvstor - ok 16:28:57.0715 0x0760 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 16:28:57.0721 0x0760 nv_agp - ok 16:28:57.0810 0x0760 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:28:57.0829 0x0760 odserv - ok 16:28:57.0862 0x0760 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:28:57.0866 0x0760 ohci1394 - ok 16:28:57.0901 0x0760 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:28:57.0908 0x0760 ose - ok 16:28:57.0971 0x0760 [ 
16:29:09.0295 0x0760 ================ Scan global =============================== 16:29:09.0321 0x0760 [ 
BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 16:29:09.0377 0x0760 [ 0CB6EBF4B461A6043353C570BD72A1E1, B6DA0AE56A7DC373F60CA1EF69E4D55E6F2EEB0D62AB78D555C5F85EB389A356 ] C:\Windows\system32\winsrv.dll 16:29:09.0408 0x0760 [ 0CB6EBF4B461A6043353C570BD72A1E1, B6DA0AE56A7DC373F60CA1EF69E4D55E6F2EEB0D62AB78D555C5F85EB389A356 ] C:\Windows\system32\winsrv.dll 16:29:09.0443 0x0760 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 16:29:09.0487 0x0760 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 16:29:09.0498 0x0760 [ Global ] - ok 16:29:09.0499 0x0760 ================ Scan MBR ================================== 16:29:09.0509 0x0760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:29:10.0231 0x0760 \Device\Harddisk0\DR0 - ok 16:29:10.0232 0x0760 ================ Scan VBR ================================== 16:29:10.0235 0x0760 [ 8AF5ABB0AC8F4C679A85843630A6FEE0 ] \Device\Harddisk0\DR0\Partition1 16:29:10.0238 0x0760 \Device\Harddisk0\DR0\Partition1 - ok 16:29:10.0239 0x0760 ================ Scan generic autorun ====================== 16:29:10.0284 0x0760 [ 92FDB0658CA16974B4AE80E248A5B118, 9E0CF6A9C845C5F9E4B80B9105DBECE15ACC27984FCBFD8774C00EBE20DB652F ] C:\Windows\system32\igfxtray.exe 16:29:10.0293 0x0760 IgfxTray - ok 16:29:10.0325 0x0760 [ 23A6AE66AA4BEF792649736385BB51BA, FC85E38B2F5F52E970EAE5DAFC3B738BCC8BF596AF3766F0EDA03040664E1F08 ] C:\Windows\system32\hkcmd.exe 16:29:10.0338 0x0760 HotKeysCmds - ok 16:29:10.0375 0x0760 [ F6FA1865978214FB7FCD80149BBF1C13, 3CA24827982B521986DBE1E5600316155800C3777BAF415B978C7FE9F3AA3DD2 ] C:\Windows\system32\igfxpers.exe 16:29:10.0388 0x0760 Persistence - ok 16:29:10.0554 0x0760 [ BDBF2A7AD6CF18F2A7FBC431692B7B96, 
73A91EC0E78773B4138132D5D6D4C8A702116C4BF7D1D986B52BE0070F19E5FC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 16:29:10.0574 0x0760 AdobeAAMUpdater-1.0 - ok 16:29:10.0672 0x0760 [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe 16:29:10.0675 0x0760 GrooveMonitor - ok 16:29:10.0808 0x0760 [ 4D042B1F1375CF371AFBE0E0276BA627, FA64290562115F567C8CFB1B701E28CEBA772052CB6A02C036897C2C7BD5BA08 ] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe 16:29:10.0827 0x0760 Acrobat Assistant 8.0 - ok 16:29:10.0981 0x0760 [ C1873D880786B6B03AF781E23835D925, C573BED9F8F2F370F644505FC88A1476BC00A55F45BD7B7882B9E2C66EBFFFB9 ] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE 16:29:11.0032 0x0760 Adobe_ID0EYTHM - ok 16:29:11.0139 0x0760 [ 2E5212A0BFB98FE0167C92C76C87AFE3, 8C8ACD175A626453878154AF48760D99979C6D2836BC4816575B347C668D4F9E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 16:29:11.0149 0x0760 SunJavaUpdateSched - ok 16:29:11.0260 0x0760 [ B114DB354D13A21C1AC2B1807EE2F500, 7320791554672833D2A50B4CEEA54372ED76F8272EF88F9A08DC33D7D701E2DC ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe 16:29:11.0271 0x0760 TkBellExe - ok 16:29:11.0410 0x0760 [ 696A74A2E7AAD166D0A97499A43AD084, A661156C420B3198A82A6A395B986B28E89645CCFEFF4ED68B95EE5FC447E032 ] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe 16:29:11.0415 0x0760 TrayServer - ok 16:29:11.0672 0x0760 [ 46B9417D04912FFE8FA205B3D10A1B75, 05E533E5A6B71C37B3398224C8F04D77AC063EA75FBDC70FFF8F120F03EF86B1 ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 16:29:11.0756 0x0760 Adobe Creative Cloud - ok 16:29:11.0918 0x0760 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows 
Sidebar\Sidebar.exe 16:29:11.0950 0x0760 Sidebar - ok 16:29:11.0995 0x0760 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:29:11.0998 0x0760 mctadmin - ok 16:29:12.0066 0x0760 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:29:12.0092 0x0760 Sidebar - ok 16:29:12.0102 0x0760 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:29:12.0105 0x0760 mctadmin - ok 16:29:12.0115 0x0760 AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x50010 ( disabled : outofdate ) 16:29:12.0117 0x0760 FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x50010 ( disabled ) 16:29:12.0120 0x0760 Win FW state via NFP2: enabled 16:29:14.0569 0x0760 ============================================================ 16:29:14.0569 0x0760 Scan finished 16:29:14.0569 0x0760 ============================================================ 16:29:14.0586 0x0e68 Detected object count: 0 16:29:14.0586 0x0e68 Actual detected object count: 0 16:29:38.0204 0x0be8 Deinitialize success |
22.01.2015, 20:17 | #5 |
/// the machine /// TB trainer | W7: Worm.Brontok and much more cannot be removed Hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.01.2015, 12:47 | #6 |
| W7: Worm.Brontok and much more cannot be removed Here you go: Code:
ATTFilter ComboFix 15-01-22.02 - Ibrahim 23.01.2015 11:51:37.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.4086.2322 [GMT 1:00] ausgeführt von:: c:\users\Ibrahim\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin c:\users\Ibrahim\AppData\Local\Kosong.Bron.Tok.txt . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-23 bis 2015-01-23 )))))))))))))))))))))))))))))) . . 2015-01-23 11:01 . 2015-01-23 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-23 02:12 . 2015-01-23 02:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9BCB54-EB55-41F2-8C9F-8350BF335651}\offreg.dll 2015-01-23 02:11 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C9BCB54-EB55-41F2-8C9F-8350BF335651}\mpengine.dll 2015-01-22 15:20 . 2015-01-22 15:20 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-01-22 14:21 . 2015-01-22 14:24 -------- d-----w- C:\FRST 2015-01-22 11:02 . 2015-01-23 07:58 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-22 11:01 . 2015-01-22 11:40 -------- d-----w- c:\program files (x86)\Test1234 2015-01-22 11:01 . 2015-01-22 11:01 -------- d-----w- c:\programdata\Malwarebytes 2015-01-22 11:01 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-01-22 11:01 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-01-22 11:01 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-01-14 17:07 . 
2015-01-14 19:04 -------- d-----w- c:\users\Ibrahim\AppData\Roaming\SendBlaster2 2015-01-14 17:04 . 2015-01-14 17:05 -------- d-----w- c:\program files (x86)\SendBlaster 2015-01-14 16:36 . 2015-01-14 17:00 -------- d-----w- c:\users\Ibrahim\AppData\Roaming\SendBlaster3 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-16 14:28 . 2013-04-26 04:07 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-01-16 14:28 . 2011-06-23 14:16 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-01-08 08:55 . 2010-03-23 00:19 298120 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-19 273544] "TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe" [2008-08-07 90112] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-02-02 2239376] . c:\users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ simplicheck.lnk - c:\program files (x86)\simplitec\simplicheck\simplicheck.exe -timer [2012-3-2 2445632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Test1234\mbamservice.exe;c:\program files (x86)\Test1234\mbamservice.exe [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Test1234\mbamscheduler.exe;c:\program files (x86)\Test1234\mbamscheduler.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet 
Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x] S3 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys [x] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x] S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x] S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x] S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x] . . --- Andere Dienste/Treiber im Speicher --- . 
*NewlyCreated* - 33391015 *NewlyCreated* - FXRIQFOW *Deregistered* - 33391015 *Deregistered* - fxriqfow . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-01-16 14:10 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-26 14:28] . 2015-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 20:48] . 2015-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 20:48] . 2015-01-22 c:\windows\Tasks\ReclaimerUpdateFiles_Ibrahim.job - c:\users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11 22:25] . 2015-01-22 c:\windows\Tasks\ReclaimerUpdateXML_Ibrahim.job - c:\users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11 22:25] . 2015-01-22 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Ibrahim.job - c:\users\Ibrahim\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-11 22:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-01-31 15:45 643952 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-01-31 15:45 643952 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-01-31 15:45 643952 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\ FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=f259e586000000000000001f3c568fb7&q= FF - user.js: extensions.Softonic.id - f259e586000000000000001f3c568fb7 FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D} FF - user.js: extensions.Softonic.instlDay - 16037 FF - user.js: extensions.Softonic.vrsn - 1.8.21.14 FF - user.js: extensions.Softonic.vrsni - 1.8.21.14 FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1421:18 FF - 
user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - OC FF - user.js: extensions.Softonic.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - opencandy2013 FF - user.js: extensions.Softonic.instlRef - MOY00621 FF - user.js: extensions.Softonic.dfltLng - de FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.ffxUnstlRst - false FF - user.js: extensions.Softonic.admin - false FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic.rvrt - false FF - user.js: extensions.Softonic.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=f259e586000000000000001f3c568fb7 FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.dnsErr - true FF - user.js: extensions.Softonic.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=f259e586000000000000001f3c568fb7 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - (no file) BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) WebBrowser-{E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - (no file) AddRemove-FileZilla Client - c:\users\Ibrahim\Desktop\FileZilla FTP Client\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-01-23 12:05:36 ComboFix-quarantined-files.txt 2015-01-23 11:05 . Vor Suchlauf: 6.931.304.448 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 13.165.195.264 Bytes frei . - - End Of File - - D401305A0891F5249F7B824A3BF4A97D A36C5E4F47E84449FF07ED3517B43A31 |
23.01.2015, 13:19 | #7 |
/// the machine /// TB trainer | W7: Worm.Brontok and much more cannot be removed Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
30.01.2015, 20:04 | #8 |
| W7: Worm.Brontok and much more cannot be removed Sorry for the late reply, I only got access to the patient again today. Btw: while MBAM was running, I wanted to download ADWCleaner. The culprit, fighting back, promptly shut the computer down. After renaming MBAM and ADWCleaner it worked. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 30.01.2015 Scan Time: 18:55:45 Logfile: mbam3.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.01.30.07 Rootkit Database: v2015.01.14.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 CPU: x64 File System: NTFS User: Ibrahim Scan Type: Threat Scan Result: Completed Objects Scanned: 366132 Time Elapsed: 23 min, 1 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 3 Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, 1980, Delete-on-Reboot, [395620ddd1b85adcb9772056ea16e11f] Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, 1860, Delete-on-Reboot, [6a2518e5f19887af5bd5d89e26da29d7] Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, 2296, Delete-on-Reboot, [fb94ea13ec9d350143ed77ff966a2dd3] Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 2 Trojan.Dropper, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, "C:\Users\Ibrahim\AppData\Local\smss.exe", Quarantined, [771867967f0ae0569997581efc044db3] Hijack.FolderOptions, HKU\S-1-5-21-3353200993-3378237040-2345229884-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [d8b710ed45448ea8973e1225e81c916f] Registry Data: 0 (No malicious items detected) Folders: 4 Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-26, Quarantined, [533c23daaadf5adcb98d3c061be8b34d], Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-27, Quarantined, [0788c53863261f172521a2a00ef5b34d], Worm.Brontok, C:\Users\Ibrahim\AppData\Local\Bron.tok-12-29, Quarantined, [b5da8c712e5be3538fb72e147f84827e], Worm.Brontok, 
C:\Users\Ibrahim\AppData\Local\Bron.tok-12-30, Quarantined, [9af57f7e86035dd990b6a89a719237c9], Files: 37 Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\winlogon.exe, Delete-on-Reboot, [395620ddd1b85adcb9772056ea16e11f], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\services.exe, Delete-on-Reboot, [6a2518e5f19887af5bd5d89e26da29d7], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\lsass.exe, Delete-on-Reboot, [fb94ea13ec9d350143ed77ff966a2dd3], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\smss.exe, Quarantined, [771867967f0ae0569997581efc044db3], Trojan.Dropper, C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif, Quarantined, [c4cb0feea4e5af879b955422b64afe02], Trojan.Dropper, C:\Users\Ibrahim\Documents\Documents.exe, Quarantined, [7817798492f7b6807ab6d6a06799f50b], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\csrss.exe, Quarantined, [9bf41fde5a2fd75f0030cfa7af51d22e], Trojan.Dropper, C:\Users\Ibrahim\AppData\Local\inetinfo.exe, Quarantined, [1f70a558870241f51917b0c6f709f709], PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.admin", false);), Replaced,[1a750cf11871360097d12cbba2637b85] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ferences /* Do not edit this file. * ), Replaced,[395631cc3059d363254315d28382619f] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (references /* Do not edit this file. * * If you make changes to this file ), Replaced,[048b34c92465d0663f29d01743c20cf4] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (e. 
* * If you make changes to this file while t), Replaced,[305fd726dcad71c55c0ce9fe2bdab848] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you), Replaced,[1c73f00dc0c930064c1c56914abb60a0] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (erences /* Do not edit this file. * * If ), Replaced,[9bf4fffe26636fc70d5b3bac4db8a15f] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (rences /* Do not edit this file. * * If), Replaced,[751a49b4b0d93105185006e1fc0905fb] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ferences /* Do not edit this file. * * If), Replaced,[701f24d9ea9f7cba4d1b7275a2632ed2] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (rences /* Do not edit this file. * * If you m), Replaced,[c7c801fcbfcaf640b8b0e9fe8283f20e] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (es /* Do not edit this file. * * If y), Replaced,[b2ddc736840537ff35338b5c9075a858] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (references /* Do not edit this file. 
* * If you make changes to this file while the application is running, * the changes will be ove), Replaced,[ade21edfaedb0b2ba1c7ad3aff06fe02] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (tion is running, * the changes will be overwritten when the applicatio), Replaced,[850a807d55348aacc7a1d413e1248b75] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( this file. * * If you make changes to this fil), Replaced,[612e8c7160298babdc8c3cabb84d7e82] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you make c), Replaced,[56392ecf7b0e93a3ca9e4c9bac5938c8] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( /* Do not edit this file. * * If you m), Replaced,[315e8f6e711875c1abbd8c5b17eea35d] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwrit), Replaced,[7e1100fd5a2fdd59b2b64f98ff06857b] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (n is running, * the changes will be overwritten w), Replaced,[058a37c61b6e53e3452351967c8927d9] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you make ), Replaced,[c6c9e6172366de58145409de33d22fd1] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (s /* Do not edit this file. 
* * If you m), Replaced,[296642bb0089ec4ada8ed01749bc0bf5] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (erences /* Do not edit this file. * * If y), Replaced,[117e20dd39506bcb3a2e06e1f80de61a] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ences /* Do not edit this file. * * If you make changes to this f), Replaced,[eaa5fc01ee9bc96da8c009de8d788c74] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( this file. * * If you make changes to this file whil), Replaced,[1b7475888ffa0531c6a2a83ff80d37c9] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: ( /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the a), Replaced,[9af5de1fcebbb18583e53fa81bea8e72] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (s running, * the changes will be overwritten when), Replaced,[820d1fde1a6f37ffd593c02712f308f8] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (ces /* Do not edit this file. * * If you make changes ), Replaced,[226daa53a6e352e4abbd2bbc93724bb5] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (Do not edit this file. 
* * If you make changes t), Replaced,[cac53bc2d5b4da5cff695592ca3baa56] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=f259e586000000000000001f3c568fb7");), Replaced,[b8d7fc014a3ff442ed8384636a9bee12] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (dateTime.background-update-timer", 1421922021); user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1422302304); user_pref("ap), Replaced,[345bbd40711896a0adc322c5de2741bf] PUP.Optional.Softonic.A, C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\prefs.js, Good: (), Bad: (imer", 1422302304); user_pref("app.update.lastUpdateTime.background-update-timer", 1422302064); user_pref("app.update.lastUpdateTime.blocklist-bac), Replaced,[9df2df1ed2b7a88e224eedfab15411ef] Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 30/01/2015 um 19:47:18 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Ultimate (64 bits) # Benutzername : Ibrahim - IBRAHIM-PC # Gestartet von : C:\Users\Ibrahim\Desktop\test5678.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec Ordner Gelöscht : C:\Program Files (x86)\simplitec Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Ibrahim\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Ibrahim\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Ibrahim\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Ibrahim\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Datei Gelöscht : C:\Users\Ibrahim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk Datei Gelöscht : C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\invalidprefs.js Datei Gelöscht : C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\user.js ***** [ Tasks ] ***** Task Gelöscht : LaunchSignup ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1572363 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{94F94651-8923-44EA-B578-6B70988C545C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\simplitec Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16450 -\\ Mozilla Firefox v35.0.1 (x86 de) [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.admin", false); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true); [ntthd1r7.default\prefs.js] - Zeile gelöscht : 
user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=f259e586000000000000001f3c568fb7"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.id", "f259e586000000000000001f3c568fb7"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16037"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newTab", true); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=f259e586000000000000001f3c568fb7"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=f259e586000000000000001f3c568fb7&q="); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1421:18:00"); [ntthd1r7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14"); -\\ Google Chrome v40.0.2214.93 ************************* AdwCleaner[R0].txt - [8238 octets] - [30/01/2015 19:44:34] 
AdwCleaner[S0].txt - [7953 octets] - [30/01/2015 19:47:18] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8013 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Ibrahim on 30.01.2015 at 19:51:26,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Ibrahim\AppData\Roaming\mozilla\firefox\profiles\ntthd1r7.default\minidumps [66 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.01.2015 at 19:58:12,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by Ibrahim (administrator) on IBRAHIM-PC on 30-01-2015 19:58:44 Running from C:\Users\Ibrahim\Downloads Loaded Profiles: Ibrahim (Available profiles: Ibrahim) Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Test1234\mbamscheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Macrovision Europe Ltd.) 
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.) HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [273544 2011-05-19] (RealNetworks, Inc.) 
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Premium_Sonderedition\TrayServer_de.exe [90112 2008-08-07] (MAGIX AG) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-02] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [RestrictRun] 0 HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-12-19] (TomTom) HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom) HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\...\Policies\Explorer: [RestrictRun] 0 ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3353200993-3378237040-2345229884-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) 
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.) 
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\.DEFAULT -> No Name - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - No File Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3353200993-3378237040-2345229884-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Extension: Adblock Plus - C:\Users\Ibrahim\AppData\Roaming\Mozilla\Firefox\Profiles\ntthd1r7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2015-01-30] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2013-12-26] Chrome: ======= CHR StartupUrls: Default -> "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=f259e586000000000000001f3c568fb7" CHR Plugin: (Chrome PDF Viewer) - C:\Program Files 
(x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll No File CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR Profile: C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-22] CHR Extension: (Norton Identity Safe) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-10] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-05-19] CHR Extension: (Google Wallet) - C:\Users\Ibrahim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-03-23] (Macrovision Europe Ltd.) 
[File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Test1234\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Test1234\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation) R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20131231.001\IDSvia64.sys [521944 2013-12-24] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\ENG64.SYS [126040 2014-01-01] (Symantec Corporation) S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20131231.023\EX64.SYS [2099288 2014-01-01] (Symantec Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed] R3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [36352 2008-01-19] (National Semiconductor Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-23] (Duplex Secure Ltd.) 
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-25] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 tifm21; C:\Windows\System32\drivers\tifm21.sys [314880 2010-03-23] (Texas Instruments) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed] U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-30 19:58 - 2015-01-30 19:58 - 00000757 _____ () C:\Users\Ibrahim\Desktop\JRT.txt 2015-01-30 19:51 - 2015-01-30 19:51 - 00000000 ____D () C:\Windows\ERUNT 2015-01-30 19:50 - 2015-01-30 19:50 - 01707939 _____ (Thisisu) C:\Users\Ibrahim\Downloads\JRT.exe 2015-01-30 19:49 - 2015-01-30 19:49 - 00008117 _____ () C:\Users\Ibrahim\Desktop\AdwCleaner[S0].txt 2015-01-30 19:49 - 2015-01-30 19:49 - 00000000 ____D () C:\Users\Ibrahim\Downloads\FRST-OlderVersion 2015-01-30 19:44 - 2015-01-30 19:47 - 00000000 ____D () C:\AdwCleaner 2015-01-30 19:41 - 2015-01-30 19:41 - 02194432 _____ () C:\Users\Ibrahim\Desktop\test5678.exe 2015-01-30 19:40 - 2015-01-30 19:40 - 00010314 _____ () C:\Users\Ibrahim\Desktop\mbam3.txt 2015-01-30 18:51 - 2015-01-30 18:51 - 02194432 _____ () C:\Users\Ibrahim\Downloads\AdwCleaner_4.109.exe 2015-01-29 22:51 - 2015-01-29 22:53 - 00000000 ____D () C:\32788R22FWJFW 2015-01-29 22:48 - 2015-01-29 22:48 - 00001011 _____ () C:\Users\Public\Desktop\Cool Edit Pro 2.0.lnk 2015-01-29 22:48 - 2015-01-29 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0 2015-01-29 22:47 - 2015-01-29 22:48 - 00000000 ____D () C:\Program Files (x86)\coolpro2 2015-01-29 22:45 - 2015-01-29 22:46 - 00000000 ____D () C:\Users\Ibrahim\Desktop\cool edit pro 2015-01-29 16:59 - 2015-01-29 16:59 - 00030148 _____ () C:\Users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin 2015-01-26 20:50 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\MyDrive Connect 2015-01-26 20:49 - 2015-01-26 20:49 - 06821496 _____ (TomTom International B.V.) 
C:\Users\Ibrahim\Downloads\InstallMyDriveConnect.exe 2015-01-26 19:55 - 2015-01-26 19:55 - 00000000 ____D () C:\Users\Ibrahim\Documents\TomTom 2015-01-26 19:54 - 2015-01-26 20:50 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\TomTom 2015-01-26 19:54 - 2015-01-26 20:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2015-01-26 19:54 - 2015-01-26 19:54 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\TomTom 2015-01-26 19:54 - 2015-01-26 19:54 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2 2015-01-26 19:52 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\TomTom International B.V 2015-01-26 19:52 - 2015-01-26 19:52 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Downloaded Installations 2015-01-26 19:51 - 2015-01-26 19:51 - 00000051 _____ () C:\Users\Ibrahim\AppData\Local\Kosong.Bron.Tok.txt 2015-01-26 19:50 - 2015-01-26 19:52 - 31122120 _____ () C:\Users\Ibrahim\Downloads\TomTomHOME2winlatest (1).exe 2015-01-26 13:04 - 2015-01-26 13:05 - 31122120 _____ () C:\Users\Ibrahim\Downloads\TomTomHOME2winlatest.exe 2015-01-23 12:05 - 2015-01-23 12:05 - 00020583 _____ () C:\ComboFix.txt 2015-01-23 11:49 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-23 11:49 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-23 11:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-23 11:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-23 11:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-23 11:49 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-23 11:49 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-23 11:49 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-23 11:47 - 2015-01-23 12:05 - 00000000 ____D () C:\Qoobox 2015-01-23 11:47 - 2015-01-23 12:03 - 00000000 ____D () C:\Windows\erdnt 2015-01-23 11:45 - 2015-01-29 22:53 - 05611408 ____R (Swearware) 
C:\Users\Ibrahim\Desktop\ComboFix.exe 2015-01-22 16:21 - 2015-01-22 16:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Ibrahim\Desktop\tdsskiller.exe 2015-01-22 16:20 - 2015-01-22 16:20 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ibrahim\Downloads\revosetup95.exe 2015-01-22 16:20 - 2015-01-22 16:20 - 00001268 _____ () C:\Users\Ibrahim\Desktop\Revo Uninstaller.lnk 2015-01-22 16:20 - 2015-01-22 16:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-22 15:52 - 2015-01-22 15:52 - 00008969 _____ () C:\Users\Ibrahim\Desktop\MBAM2.txt 2015-01-22 15:52 - 2015-01-22 15:52 - 00008969 _____ () C:\Users\Ibrahim\Desktop\MBAM1.txt 2015-01-22 15:42 - 2015-01-22 15:42 - 00006187 _____ () C:\Users\Ibrahim\Desktop\gmer.log 2015-01-22 15:24 - 2015-01-22 15:24 - 00024288 _____ () C:\Users\Ibrahim\Downloads\Addition.txt 2015-01-22 15:21 - 2015-01-30 19:58 - 00019695 _____ () C:\Users\Ibrahim\Downloads\FRST.txt 2015-01-22 15:21 - 2015-01-30 19:58 - 00000000 ____D () C:\FRST 2015-01-22 15:19 - 2015-01-30 19:49 - 02130432 _____ (Farbar) C:\Users\Ibrahim\Downloads\FRST64.exe 2015-01-22 15:19 - 2015-01-22 15:20 - 00380416 _____ () C:\Users\Ibrahim\Downloads\7u8ie45g.exe 2015-01-22 15:15 - 2015-01-22 15:15 - 00050477 _____ () C:\Users\Ibrahim\Downloads\Defogger.exe 2015-01-22 15:15 - 2015-01-22 15:15 - 00000654 _____ () C:\Users\Ibrahim\Downloads\defogger_disable.log 2015-01-22 15:15 - 2015-01-22 15:15 - 00000216 _____ () C:\Users\Ibrahim\defogger_reenable 2015-01-22 12:40 - 2015-01-22 12:40 - 00000987 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-22 12:02 - 2015-01-30 18:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-22 12:01 - 2015-01-22 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Test1234 2015-01-22 12:01 - 2015-01-22 12:40 - 00000000 ____D () C:\Program Files (x86)\Test1234 2015-01-22 12:01 - 2015-01-22 12:01 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2015-01-22 12:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-22 12:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-22 12:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-22 11:59 - 2015-01-22 12:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Ibrahim\Downloads\test1234.exe 2015-01-21 18:28 - 2015-01-21 18:28 - 53923516 _____ () C:\Users\Ibrahim\Desktop\Heute den Islam annehmen _ sehr hilfreiches Video _.mp4 2015-01-21 18:21 - 2015-01-21 18:21 - 00105808 _____ (GreenTree Applications SRL) C:\Users\Ibrahim\Desktop\YTDSetup.exe 2015-01-20 15:20 - 2015-01-20 15:20 - 00005744 _____ () C:\Users\Ibrahim\Documents\Alle Daten zu Schahada.odt 2015-01-20 12:58 - 2015-01-25 16:41 - 00000000 ____D () C:\Users\Ibrahim\Desktop\Schahada Daten 2015-01-17 12:04 - 2015-01-30 18:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-16 18:27 - 2015-01-22 11:53 - 00000000 ____D () C:\Users\Ibrahim\Desktop\Jenseits 2015-01-16 17:12 - 2015-01-16 18:22 - 00006770 _____ () C:\Users\Ibrahim\Desktop\Adressen Daueraufträge.txt 2015-01-16 16:23 - 2015-01-16 16:23 - 00003198 _____ () C:\Windows\System32\Tasks\{7AB8221E-2701-4B62-90E2-E89DB6A52E6B} 2015-01-14 18:07 - 2015-01-14 20:04 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\SendBlaster2 2015-01-14 18:07 - 2015-01-14 18:07 - 00000000 ____D () C:\Users\Ibrahim\Documents\SendBlaster2 2015-01-14 18:05 - 2015-01-14 18:05 - 00002795 _____ () C:\Users\Ibrahim\Desktop\Microsoft Office Outlook 2007.lnk 2015-01-14 18:05 - 2015-01-14 18:05 - 00001914 _____ () C:\Users\Public\Desktop\SendBlaster.lnk 2015-01-14 18:05 - 2015-01-14 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SendBlaster 2 2015-01-14 18:04 - 2015-01-14 18:05 - 00000000 ____D () C:\Program Files 
(x86)\SendBlaster 2015-01-14 17:36 - 2015-01-14 18:00 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\SendBlaster3 2015-01-14 17:36 - 2015-01-14 17:36 - 00000000 ____D () C:\Users\Ibrahim\Documents\SendBlaster3 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-30 19:53 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-30 19:53 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-30 19:48 - 2010-12-14 21:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-30 19:48 - 2010-03-23 02:39 - 00177656 _____ () C:\Windows\PFRO.log 2015-01-30 19:48 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-30 19:48 - 2009-07-14 05:51 - 00138307 _____ () C:\Windows\setupact.log 2015-01-30 19:47 - 2010-03-23 00:42 - 01125107 _____ () C:\Windows\WindowsUpdate.log 2015-01-30 19:43 - 2009-07-14 19:18 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents 2015-01-30 19:28 - 2013-04-26 05:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-30 19:05 - 2010-12-14 21:20 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-30 18:53 - 2012-07-04 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 18:30 - 2010-04-02 15:31 - 00019456 _____ () C:\Users\Ibrahim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-30 17:35 - 2014-11-12 14:42 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Loc.Mail.Bron.Tok 2015-01-30 17:30 - 2010-03-23 02:27 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Adobe 2015-01-29 22:55 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-29 22:49 - 2009-07-14 03:34 - 00000508 _____ () C:\Windows\win.ini 
2015-01-29 22:49 - 2009-07-14 03:34 - 00000243 _____ () C:\Windows\system.ini 2015-01-29 22:34 - 2010-03-23 02:40 - 00000000 ____D () C:\ProgramData\FLEXnet 2015-01-29 22:01 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat 2015-01-29 22:01 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat 2015-01-29 22:01 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-27 17:03 - 2014-06-14 09:19 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-25 15:57 - 2013-04-26 05:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 15:57 - 2013-04-26 05:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 15:57 - 2011-06-23 15:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-23 12:05 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-01-22 15:15 - 2010-03-23 00:52 - 00000000 ____D () C:\Users\Ibrahim 2015-01-22 13:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-22 13:14 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\ShellNew 2015-01-21 17:40 - 2010-03-23 02:18 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Adobe 2015-01-08 09:55 - 2010-03-23 01:19 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-04 14:42 - 2010-12-14 21:20 - 00000000 ____D () C:\Users\Ibrahim\AppData\Local\Google 2015-01-04 14:40 - 2012-07-04 11:26 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Mozilla 2015-01-04 14:39 - 2011-05-22 10:16 - 00000000 ____D () C:\Program Files (x86)\Athan 2015-01-04 14:33 - 2010-12-14 21:19 - 00000000 ____D () C:\Users\Ibrahim\AppData\Roaming\Skype 2015-01-04 14:33 - 2010-12-14 21:19 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-01-29 16:59 - 2015-01-29 16:59 - 0030148 _____ () 
C:\Users\Ibrahim\AppData\Local\Bron.tok.A12.em.bin 2010-04-02 15:31 - 2015-01-30 18:30 - 0019456 _____ () C:\Users\Ibrahim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-26 19:51 - 2015-01-26 19:51 - 0000051 _____ () C:\Users\Ibrahim\AppData\Local\Kosong.Bron.Tok.txt 2012-01-06 08:24 - 2012-01-06 08:24 - 0000000 _____ () C:\Users\Ibrahim\AppData\Local\{63000764-7767-4BA9-A44D-8321877C66FF} 2014-07-20 21:59 - 2014-07-20 21:59 - 0000000 _____ () C:\Users\Ibrahim\AppData\Local\{AC08F4B5-C54C-4411-ADBB-D78B3EF9AE29} 2010-12-14 21:21 - 2010-12-14 21:21 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Some content of TEMP: ==================== C:\Users\Ibrahim\AppData\Local\Temp\Quarantine.exe C:\Users\Ibrahim\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-26 22:11 ==================== End Of Log ============================ --- --- --- |
31.01.2015, 11:39 | #9 |
/// the machine /// TB Instructor | W7: Worm.Brontok and much more cannot be removed ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.02.2015, 16:04 | #10 |
| W7: Worm.Brontok and much more cannot be removed Well, those have just resolved themselves. Everything actually seemed OK, no more problems. All clean. And then ambition gets hold of my buddy... and in heroic self-sacrifice he wipes everything to install Linux Mint. Not the worst choice. Many thanks! First-class Schrauber service, as always. |
03.02.2015, 19:35 | #11 |
/// the machine /// TB Instructor | W7: Worm.Brontok and much more cannot be removed Hehe, ok