Log analysis and evaluation: Ads or music in the background - even with the browser closed
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.02.2015, 10:40 | #1 |
Ads or music in the background - even with the browser closed

For a few days now, audible advertising (Axe, Sensodyne, etc.) or a few seconds of music has been playing every few minutes, even after the browser and all other programs have been closed. After reading your tips and instructions, I worked through all the steps. First I ran a complete Avira scan, which did find something; however, not everything that was "found" was removed. I am not sure whether this fixed the problem, and afterwards I carried out the further steps you describe.

Avira scan:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 01. Februar 2015 16:59

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : DIRK-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 01. Februar 2015 16:59

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, D:)'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Eine Instanz der ARK Library läuft bereits.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '160' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV64.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hpservice.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'AESTSr64.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '142' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'HWDeviceService64.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ouc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '207' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCSHelper.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray64.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'iCloudServices.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplePhotoStreams.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'LiveUpd.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'inetstat.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'UI0Detect.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '186' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsSpellCheckingFacility.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '130' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3403' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Basis-Dirk>
Beginne mit der Suche in 'D:\' <Daten-Dirk>
[0] Archivtyp: RSRC
--> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
[1] Archivtyp: RSRC
--> C:\Program Files (x86)\Trojan Remover\Trjscan.exe
[2] Archivtyp: RSRC
--> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\Dropbox.exe
[3] Archivtyp: RSRC
--> C:\Users\Dirk\Downloads\trjsetup691.exe
[4] Archivtyp: Inno Setup
--> D:\11-Homepages\Templates-und-Module\Sonstige-Templates\Qualify.zip
[5] Archivtyp: ZIP
--> Qualify/html/com_content/archive/function.php
[FUND] Enthält verdächtigen Code: HEUR/Infected.WebPage.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
D:\11-Homepages\Templates-und-Module\Sonstige-Templates\Qualify.zip
[FUND] Enthält verdächtigen Code: HEUR/Infected.WebPage.Gen

Beginne mit der Desinfektion:
D:\11-Homepages\Templates-und-Module\Sonstige-Templates\Qualify.zip
[FUND] Enthält verdächtigen Code: HEUR/Infected.WebPage.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5068d453.qua' verschoben!

Ende des Suchlaufs: Sonntag, 01. Februar 2015 19:27
Benötigte Zeit: 2:08:13 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

37917 Verzeichnisse wurden überprüft
771570 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
771568 Dateien ohne Befall
6317 Archive wurden durchsucht
1 Warnungen
1 Hinweise

Defogger log, no restart was required:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:42 on 01/02/2015 (Dirk)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Dirk (administrator) on DIRK-PC on 01-02-2015 19:45:12 Running from C:\Users\Dirk\Desktop Loaded Profiles: Dirk (Available profiles: Dirk) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [LiveSupport] => "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [InetStat] => C:\Users\Dirk\AppData\Roaming\InetStat\inetstat.exe [777230 2015-01-27] ()
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_287_ActiveX.exe -update activex
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\MountPoints2: {81f495d1-da99-11e3-aa2a-00238be6d5f7} - F:\AutoRun.exe
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\MountPoints2: {81f495de-da99-11e3-aa2a-00238be6d5f7} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391763618&from=smt&uid=ST500LT012-1DG142_S3P1KVBGXXXXS3P1KVBG&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391763618&from=smt&uid=ST500LT012-1DG142_S3P1KVBGXXXXS3P1KVBG&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391763618&from=smt&uid=ST500LT012-1DG142_S3P1KVBGXXXXS3P1KVBG&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391763618&from=smt&uid=ST500LT012-1DG142_S3P1KVBGXXXXS3P1KVBG&q={searchTerms}
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.autosport.at/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - SiteFinder - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C03FF709-A07B-4859-8911-F71D0D84E441}: [NameServer] 213.162.69.170 213.162.69.2

FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.autosport.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF user.js: detected! => C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\searchplugins\trovi-search.xml
FF Extension: Firebug - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-16]
FF Extension: PageRank - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\PageRank@addonfactory.in.xpi [2014-02-01]

Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26]
CHR Extension: (Google Docs) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]
CHR Extension: (Google Drive) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (YouTube) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Google-Suche) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Google Tabellen) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR Extension: (Google Mail) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-07] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Enhancer Service; C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe [312320 2014-12-30] () [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1069248 2014-02-06] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Update RightSurf; "C:\Program Files (x86)\RightSurf\updateRightSurf.exe" [X]
S2 Util RightSurf; "C:\Program Files (x86)\RightSurf\bin\utilRightSurf.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 19:45 - 2015-02-01 19:46 - 00018431 _____ () C:\Users\Dirk\Desktop\FRST.txt
2015-02-01 19:44 - 2015-02-01 19:45 - 00000000 ____D () C:\FRST
2015-02-01 19:44 - 2015-02-01 19:44 - 02131456 _____ (Farbar) C:\Users\Dirk\Desktop\FRST64.exe
2015-02-01 19:42 - 2015-02-01 19:42 - 00000470 _____ () C:\Users\Dirk\Desktop\defogger_disable.log
2015-02-01 19:42 - 2015-02-01 19:42 - 00000000 _____ () C:\Users\Dirk\defogger_reenable
2015-02-01 19:41 - 2015-02-01 19:41 - 00050477 _____ () C:\Users\Dirk\Desktop\Defogger.exe
2015-02-01 19:41 - 2015-02-01 19:41 - 00000000 ____D () C:\Problem-Software
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Users\Dirk\Documents\Simply Super Software
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Simply Super Software
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-31 15:46 - 2015-01-31 15:46 - 31390952 _____ (Simply Super Software ) C:\Users\Dirk\Downloads\trjsetup691.exe
2015-01-27 08:09 - 2015-01-27 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 09:31 - 2015-01-27 08:00 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 09:31 - 2015-01-26 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 09:30 - 2015-02-01 19:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 09:30 - 2015-02-01 11:09 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 09:30 - 2015-01-26 09:31 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Google
2015-01-26 09:30 - 2015-01-26 09:31 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 09:30 - 2015-01-26 09:30 - 00880784 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2015-01-26 09:30 - 2015-01-26 09:30 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 09:30 - 2015-01-26 09:30 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-17 13:13 - 2015-01-17 13:14 - 06381120 _____ (Tim Kosse) C:\Users\Dirk\Downloads\FileZilla_3.10.0.2_win32-setup.exe
2015-01-15 08:32 - 2015-01-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 07:38 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:38 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:38 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:38 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:38 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:38 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:38 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:38 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:38 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:38 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:38 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:38 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:38 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 08:52 - 2015-01-13 08:52 - 00000971 _____ () C:\Users\Dirk\Desktop\Zahlungen - Verknüpfung.lnk
2015-01-12 20:18 - 2015-01-12 20:18 - 00000000 ____D () C:\Windows\Sun
2015-01-02 08:51 - 2015-01-02 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-02 08:49 - 2015-01-02 08:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-02 08:49 - 2015-01-02 08:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 19:42 - 2014-01-30 21:59 - 00000000 ____D () C:\Users\Dirk
2015-02-01 19:30 - 2014-01-30 21:53 - 01989027 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 19:16 - 2014-02-10 20:16 - 00000284 _____ () C:\Windows\Tasks\FoxTab.job
2015-02-01 19:06 - 2014-02-12 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 17:37 - 2009-07-14 05:45 - 00036752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 17:37 - 2009-07-14 05:45 - 00036752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 12:38 - 2014-02-06 13:14 - 00000600 _____ () C:\Users\Dirk\AppData\Roaming\winscp.rnd
2015-02-01 11:40 - 2014-01-31 19:51 - 00001456 _____ () C:\Users\Dirk\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-01 00:24 - 2014-01-31 20:58 - 00000000 ____D () C:\Program Files (x86)\RenWiz
2015-02-01 00:13 - 2014-07-09 19:20 - 00000400 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-02-01 00:13 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2015-02-01 00:13 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2015-02-01 00:13 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 00:10 - 2014-02-10 20:16 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
2015-01-27 22:00 - 2014-01-31 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 19:50 - 2014-12-31 12:57 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\InetStat
2015-01-25 22:23 - 2014-02-12 09:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 22:23 - 2014-01-31 20:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 22:23 - 2014-01-31 20:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 18:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 18:18 - 2009-07-14 05:51 - 00084467 _____ () C:\Windows\setupact.log
2015-01-22 14:25 - 2014-01-31 20:44 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-01-22 11:58 - 2010-11-21 04:47 - 00130146 _____ () C:\Windows\PFRO.log
2015-01-17 18:09 - 2014-02-09 14:21 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\FileZilla
2015-01-17 13:14 - 2014-01-31 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-14 17:29 - 2014-01-30 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:24 - 2014-01-30 22:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 14:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-02 20:50 - 2014-12-23 10:54 - 00018388 _____ () C:\Users\Dirk\Desktop\Domain - alte neue Adressen.xlsx

==================== Files in the root of some directories =======

2015-01-26 09:30 - 2015-01-26 09:30 - 0880784 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2014-09-18 09:01 - 2014-09-18 09:01 - 0000132 _____ () C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-11-09 10:57 - 2014-12-21 19:03 - 0000132 _____ () C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-07 10:01 - 2014-02-07 10:06 - 0033757 _____ () C:\Users\Dirk\AppData\Roaming\LiveSupport.exe_log.txt
2014-02-07 10:01 - 2014-02-07 10:06 - 0000092 _____ () C:\Users\Dirk\AppData\Roaming\regsvr32.exe_log.txt
2014-02-10 20:16 - 2014-07-19 04:52 - 0000138 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2014-02-06 13:14 - 2015-02-01 12:38 - 0000600 _____ () C:\Users\Dirk\AppData\Roaming\winscp.rnd
2014-01-31 19:51 - 2015-02-01 11:40 - 0001456 _____ () C:\Users\Dirk\AppData\Local\Adobe Save for Web 13.0 Prefs

Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\Temp\avgnt.exe
C:\Users\Dirk\AppData\Local\Temp\FirefoxUpdateSetup.exe
C:\Users\Dirk\AppData\Local\Temp\MozillaThunderbirdUpdateSetup.exe
C:\Users\Dirk\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dirk\AppData\Local\Temp\WinSCPUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 21:10

==================== End Of Log ============================

----
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Dirk at 2015-02-01 19:46:48
Running from C:\Users\Dirk\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Aff Packages (HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Aff Packages) (Version: - ) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astalavista (HKLM-x32\...\Astalavista_is1) (Version: - Tangysoft Ltd.)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CoffeeCup HTML Editor (HKLM-x32\...\CoffeeCup HTML Editor) (Version: - )
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.2.0 - COMODO)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dir-It! (HKLM-x32\...\{E3ED49BB-0544-4844-B296-6A0CB28E7BE3}) (Version: 4.02.0000 - Wirth IT Design)
Dropbox (HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION!
Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InetStat (HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.74.55 - Huawei Technologies Co.,Ltd)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
KMSpico v9.2.1 Beta (HKLM\...\KMSpico_is1) (Version: 9.2.1 Beta - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
RenWiz (HKLM-x32\...\RenWiz) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SiteFinder (HKLM-x32\...\SiteFinder) (Version: 1.0.0.0 - SiteFinder) <==== ATTENTION!
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 beta 2 - Ghisler Software GmbH)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Wajam (HKLM-x32\...\WaInterEnhance) (Version: 2.21.2.27 (i2.6) - WaInterEnhance) <==== ATTENTION
WinRAR 5.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
WinX Free VOB to MP4 Converter 2.0.8 (HKLM-x32\...\WinX Free VOB to MP4 Converter_is1) (Version: - Digiarty Software,Inc.)
XAMPP (HKLM-x32\...\xampp) (Version: 5.5.19-0 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2636347820-3807825714-3230885982-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 02-01-2015 08:47:32 Windows Update 10-01-2015 20:04:36 Geplanter Prüfpunkt 14-01-2015 17:23:52 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {09BBD4E6-109A-4FA4-913D-ADC818E09E51} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-02-06] () Task: {1F380982-EFF2-484C-AA6F-8D878A762308} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\TSAssist.exe [2014-03-25] (Trusted Software ApS) <==== ATTENTION Task: {2DA51495-F6AA-4492-82DC-A707F8CEBE16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated) Task: {34743A0B-2835-4136-8BE5-23D5D5BCED6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {38B23841-6FBA-400F-92D8-5EB7151A7761} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {407D16EC-A881-4078-A81B-1155EF0EC411} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26] (Google Inc.) Task: {468C148B-2A09-4D18-8F69-23DF929387EC} - System32\Tasks\FoxTab => C:\Users\Dirk\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {5E3A168B-1B44-40D4-B45F-37031B307BE7} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2014-05-12] ( ) <==== ATTENTION Task: {7076039A-89BB-4C75-9A5B-96DA1009C2FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {77A34205-B5A1-41BF-BBF9-8155CFED088E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd) Task: {A072A749-E658-45B4-A6F2-899D936A521B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26] (Google Inc.) 
Task: {B8FFD1D8-C229-4290-9A6F-B0AC99248C76} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {EF424FFF-4607-4D35-8AB2-725EB1DC84C1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {FAFB8D22-ECBC-420D-B847-DAAD9E714010} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Dirk\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-05-14 11:06 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2014-02-11 03:21 - 2014-02-11 03:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll 2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-05-14 11:08 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 19:58 - 2014-02-12 
19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-14 11:06 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2014-05-14 11:06 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2014-05-14 11:06 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2014-05-14 11:06 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-05-14 11:06 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll 2014-05-14 11:08 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll 2014-05-14 11:08 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll 2015-01-27 08:09 - 2015-01-27 08:10 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-01-16 16:34 - 2015-01-16 16:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll 2015-01-15 08:32 - 2015-01-15 08:32 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-15 08:32 - 2015-01-15 08:32 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-15 08:32 - 2015-01-15 08:32 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 
==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2636347820-3807825714-3230885982-500 - Administrator - Disabled) Dirk (S-1-5-21-2636347820-3807825714-3230885982-1000 - Administrator - Enabled) => C:\Users\Dirk Gast (S-1-5-21-2636347820-3807825714-3230885982-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2636347820-3807825714-3230885982-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2015 06:50:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: inetstat.exe, Version: 0.0.0.0, Zeitstempel: 0x54b800bc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002fb8c ID des fehlerhaften Prozesses: 0x2814 Startzeit der fehlerhaften Anwendung: 0xinetstat.exe0 Pfad der fehlerhaften Anwendung: inetstat.exe1 Pfad des fehlerhaften Moduls: inetstat.exe2 Berichtskennung: inetstat.exe3 Error: (02/01/2015 04:06:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11384719 Error: (02/01/2015 04:06:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11384719 Error: (02/01/2015 04:06:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2015 04:06:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11383689 Error: (02/01/2015 04:06:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11383689 Error: (02/01/2015 04:06:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2015 04:06:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11382675 Error: (02/01/2015 04:06:00 PM) (Source: 
Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11382675 Error: (02/01/2015 04:06:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (02/01/2015 04:05:39 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (02/01/2015 11:03:23 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (02/01/2015 07:04:28 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (02/01/2015 00:10:02 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (01/31/2015 08:50:45 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (01/30/2015 08:29:02 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (01/30/2015 08:29:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (01/30/2015 04:34:12 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (01/30/2015 04:34:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. 
Error: (01/29/2015 09:51:13 PM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= Error: (02/01/2015 06:50:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: inetstat.exe0.0.0.054b800bcntdll.dll6.1.7601.18247521ea8e7c00000050002fb8c281401d03a616c432dabC:\Users\Dirk\AppData\Roaming\InetStat\inetstat.exeC:\Windows\SysWOW64\ntdll.dllc8d308f5-aa3a-11e4-9589-00238be6d5f7 Error: (02/01/2015 04:06:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11384719 Error: (02/01/2015 04:06:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11384719 Error: (02/01/2015 04:06:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2015 04:06:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11383689 Error: (02/01/2015 04:06:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11383689 Error: (02/01/2015 04:06:01 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/01/2015 04:06:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11382675 Error: (02/01/2015 04:06:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11382675 Error: (02/01/2015 04:06:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz Percentage of memory in use: 59% 
Total physical RAM: 4093.2 MB Available physical RAM: 1676.47 MB Total Pagefile: 8184.57 MB Available Pagefile: 5142.09 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Basis-Dirk) (Fixed) (Total:195.21 GB) (Free:130.21 GB) NTFS Drive d: (Daten-Dirk) (Fixed) (Total:270.45 GB) (Free:230.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D25E215D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS) ==================== End Of Log ============================ ---- GMER.txt: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-02 10:23:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LT012-1DG142 rev.0001SDM1 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Dirk\AppData\Local\Temp\pgtdapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800031b7000 63 bytes [43, 4D, 33, 31, 05, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 513 fffff800031b7041 12 bytes [90, D5, 0C, A0, F8, FF, FF, ...] ---- Threads - GMER 2.1 ---- Thread C:\Windows\Explorer.EXE [2336:5100] 0000000010a07b20 Thread C:\Windows\Explorer.EXE [2336:10036] 0000000010a281a0 Thread C:\Windows\Explorer.EXE [2336:12052] 0000000011eb7b20 Thread C:\Windows\Explorer.EXE [2336:9484] 0000000011ed81a0 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [1224](2014-05-14 10:06:28) 0000000000400000 Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [1224](2014-05-14 10:06:28) 000000006fbc0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [1224](2014-05-14 10:06:28) 000000006e940000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [1224](2014-05-14 10:06:28) 000000006a1c0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [1224](2014-05-14 10:06:28) 000000006ff00000 Process C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe 
[5704](2014-05-14 10:08:52) 0000000000400000 Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:06:28) 000000006fbc0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:06:28) 000000006e940000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:06:28) 000000006a1c0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:06:28) 0000000065100000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:06:28) 000000006ff00000 Library C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:08:52) 0000000068f00000 Library C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe [5704](2014-05-14 10:08:52) 000000006bdc0000 ---- EOF - GMER 2.1 ---- |
02.02.2015, 11:28 | #2 |
/// the machine /// TB-Ausbilder | Advertising or music in the background - even with the browser closed hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
02.02.2015, 13:17 | #3 |
| Virus scanner off? Hello
Should I disconnect from the internet and disable the Avira protection during the whole procedure? Here is the Mbar log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.08.3.1004 www.malwarebytes.org Database version: main: v2015.02.02.02 rootkit: v2015.01.14.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17501 Dirk :: DIRK-PC [administrator] 02.02.2015 12:30:53 mbar-log-2015-02-02 (12-30-53).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 339097 Time elapsed: 19 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) And here is the TDSS-Killer.log: Code:
ATTFilter 13:09:18.0561 0x42f4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 13:09:27.0220 0x42f4 ============================================================ 13:09:27.0220 0x42f4 Current date / time: 2015/02/02 13:09:27.0220 13:09:27.0220 0x42f4 SystemInfo: 13:09:27.0220 0x42f4 13:09:27.0220 0x42f4 OS Version: 6.1.7601 ServicePack: 1.0 13:09:27.0220 0x42f4 Product type: Workstation 13:09:27.0220 0x42f4 ComputerName: DIRK-PC 13:09:27.0221 0x42f4 UserName: Dirk 13:09:27.0221 0x42f4 Windows directory: C:\Windows 13:09:27.0221 0x42f4 System windows directory: C:\Windows 13:09:27.0221 0x42f4 Running under WOW64 13:09:27.0221 0x42f4 Processor architecture: Intel x64 13:09:27.0221 0x42f4 Number of processors: 2 13:09:27.0221 0x42f4 Page size: 0x1000 13:09:27.0221 0x42f4 Boot type: Normal boot 13:09:27.0221 0x42f4 ============================================================ 13:09:29.0526 0x42f4 KLMD registered as C:\Windows\system32\drivers\56646749.sys 13:09:29.0827 0x42f4 System UUID: {AD9A45AA-41BE-88E7-9F72-A5C7514600F3} 13:09:30.0508 0x42f4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:09:30.0531 0x42f4 ============================================================ 13:09:30.0531 0x42f4 \Device\Harddisk0\DR0: 13:09:30.0532 0x42f4 MBR partitions: 13:09:30.0532 0x42f4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 13:09:30.0532 0x42f4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800 13:09:30.0532 0x42f4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x21CE5800 13:09:30.0532 0x42f4 ============================================================ 13:09:30.0584 0x42f4 C: <-> \Device\Harddisk0\DR0\Partition2 13:09:30.0631 0x42f4 D: <-> \Device\Harddisk0\DR0\Partition3 13:09:30.0631 0x42f4 
============================================================ 13:09:30.0631 0x42f4 Initialize success 13:09:30.0631 0x42f4 ============================================================ 13:10:37.0642 0x0cfc ============================================================ 13:10:37.0642 0x0cfc Scan started 13:10:37.0642 0x0cfc Mode: Manual; SigCheck; TDLFS; 13:10:37.0642 0x0cfc ============================================================ 13:10:37.0642 0x0cfc KSN ping started 13:10:51.0448 0x0cfc KSN ping finished: true 13:10:52.0540 0x0cfc ================ Scan system memory ======================== 13:10:52.0540 0x0cfc System memory - ok 13:10:52.0540 0x0cfc ================ Scan services =============================
13:11:00.0122 0x0cfc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:11:00.0169 0x0cfc cdrom - ok 13:11:00.0200 0x0cfc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 13:11:00.0262 0x0cfc CertPropSvc - ok 13:11:00.0293 0x0cfc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 13:11:00.0340 0x0cfc circlass - ok 13:11:00.0371 0x0cfc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 13:11:00.0403 0x0cfc CLFS - ok 13:11:00.0481 0x0cfc [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:11:00.0512 0x0cfc clr_optimization_v2.0.50727_32 - ok 13:11:00.0559 0x0cfc [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:11:00.0574 0x0cfc clr_optimization_v2.0.50727_64 - ok 13:11:00.0652 0x0cfc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:11:00.0683 0x0cfc clr_optimization_v4.0.30319_32 - ok 13:11:00.0699 0x0cfc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:11:00.0730 0x0cfc clr_optimization_v4.0.30319_64 - ok 13:11:00.0777 0x0cfc [ 0840155D0BDDF1190F84A663C284BD33, 
696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:11:00.0808 0x0cfc CmBatt - ok 13:11:00.0824 0x0cfc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:11:00.0839 0x0cfc cmdide - ok 13:11:00.0917 0x0cfc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 13:11:00.0980 0x0cfc CNG - ok 13:11:01.0011 0x0cfc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:11:01.0042 0x0cfc Compbatt - ok 13:11:01.0058 0x0cfc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 13:11:01.0120 0x0cfc CompositeBus - ok 13:11:01.0136 0x0cfc COMSysApp - ok 13:11:01.0151 0x0cfc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:11:01.0183 0x0cfc crcdisk - ok 13:11:01.0214 0x0cfc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:11:01.0261 0x0cfc CryptSvc - ok 13:11:01.0307 0x0cfc [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 13:11:01.0370 0x0cfc CSC - ok 13:11:01.0417 0x0cfc [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 13:11:01.0495 0x0cfc CscService - ok 13:11:01.0573 0x0cfc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:11:01.0682 0x0cfc 
DcomLaunch - ok 13:11:01.0729 0x0cfc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 13:11:01.0822 0x0cfc defragsvc - ok 13:11:01.0838 0x0cfc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:11:01.0931 0x0cfc DfsC - ok 13:11:01.0978 0x0cfc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 13:11:02.0041 0x0cfc Dhcp - ok 13:11:02.0056 0x0cfc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 13:11:02.0134 0x0cfc discache - ok 13:11:02.0181 0x0cfc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 13:11:02.0197 0x0cfc Disk - ok 13:11:02.0228 0x0cfc [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 13:11:02.0275 0x0cfc dmvsc - ok 13:11:02.0321 0x0cfc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:11:02.0384 0x0cfc Dnscache - ok 13:11:02.0446 0x0cfc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 13:11:02.0524 0x0cfc dot3svc - ok 13:11:02.0555 0x0cfc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 13:11:02.0649 0x0cfc DPS - ok 13:11:02.0805 0x0cfc [ 08EE57B20D4508B24A7E3619F10F5FD3, 2506E2D0429B44D4A0F0781BC9D2C631CE809634080FFA0612F03FE6391F61C4 ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe 
13:11:02.0930 0x0cfc DragonUpdater - ok 13:11:02.0977 0x0cfc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:11:03.0023 0x0cfc drmkaud - ok 13:11:03.0117 0x0cfc [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:11:03.0179 0x0cfc DXGKrnl - ok 13:11:03.0242 0x0cfc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 13:11:03.0320 0x0cfc EapHost - ok 13:11:03.0507 0x0cfc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 13:11:03.0741 0x0cfc ebdrv - ok 13:11:03.0803 0x0cfc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 13:11:03.0850 0x0cfc EFS - ok 13:11:03.0944 0x0cfc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:11:04.0037 0x0cfc ehRecvr - ok 13:11:04.0053 0x0cfc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 13:11:04.0084 0x0cfc ehSched - ok 13:11:04.0147 0x0cfc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:11:04.0193 0x0cfc elxstor - ok 13:11:04.0209 0x0cfc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:11:04.0240 0x0cfc ErrDev - ok 13:11:04.0303 0x0cfc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 
13:11:04.0396 0x0cfc EventSystem - ok 13:11:04.0443 0x0cfc [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 13:11:04.0505 0x0cfc ew_hwusbdev - ok 13:11:04.0537 0x0cfc [ FF82FE59664304F75FC56EC0E92796F0, 943DF1D66BAC8EDDF45E77E2E17136ADBD2A5378BBFA93D2C78C16FEC5A7F14F ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys 13:11:04.0599 0x0cfc ew_usbenumfilter - ok 13:11:04.0630 0x0cfc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 13:11:04.0693 0x0cfc exfat - ok 13:11:04.0739 0x0cfc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:11:04.0817 0x0cfc fastfat - ok 13:11:04.0880 0x0cfc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 13:11:04.0973 0x0cfc Fax - ok 13:11:05.0005 0x0cfc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 13:11:05.0036 0x0cfc fdc - ok 13:11:05.0067 0x0cfc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 13:11:05.0161 0x0cfc fdPHost - ok 13:11:05.0176 0x0cfc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 13:11:05.0254 0x0cfc FDResPub - ok 13:11:05.0285 0x0cfc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:11:05.0301 0x0cfc FileInfo - ok 13:11:05.0332 0x0cfc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 
6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:11:05.0410 0x0cfc Filetrace - ok 13:11:05.0426 0x0cfc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 13:11:05.0441 0x0cfc flpydisk - ok 13:11:05.0488 0x0cfc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:11:05.0519 0x0cfc FltMgr - ok 13:11:05.0613 0x0cfc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 13:11:05.0863 0x0cfc FontCache - ok 13:11:05.0987 0x0cfc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:11:06.0003 0x0cfc FontCache3.0.0.0 - ok 13:11:06.0034 0x0cfc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:11:06.0065 0x0cfc FsDepends - ok 13:11:06.0081 0x0cfc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:11:06.0112 0x0cfc Fs_Rec - ok 13:11:06.0143 0x0cfc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:11:06.0190 0x0cfc fvevol - ok 13:11:06.0221 0x0cfc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:11:06.0237 0x0cfc gagp30kx - ok 13:11:06.0284 0x0cfc [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM 
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:11:06.0299 0x0cfc GEARAspiWDM - ok 13:11:06.0362 0x0cfc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 13:11:06.0471 0x0cfc gpsvc - ok 13:11:06.0518 0x0cfc [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:11:06.0549 0x0cfc gupdate - ok 13:11:06.0565 0x0cfc [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:11:06.0580 0x0cfc gupdatem - ok 13:11:06.0611 0x0cfc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:11:06.0674 0x0cfc hcw85cir - ok 13:11:06.0721 0x0cfc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:11:06.0877 0x0cfc HdAudAddService - ok 13:11:06.0908 0x0cfc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:11:06.0955 0x0cfc HDAudBus - ok 13:11:06.0970 0x0cfc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:11:07.0001 0x0cfc HidBatt - ok 13:11:07.0017 0x0cfc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:11:07.0079 0x0cfc HidBth - ok 13:11:07.0079 0x0cfc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 13:11:07.0111 0x0cfc HidIr - ok 13:11:07.0142 0x0cfc [ 
BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 13:11:07.0220 0x0cfc hidserv - ok 13:11:07.0267 0x0cfc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:11:07.0329 0x0cfc HidUsb - ok 13:11:07.0360 0x0cfc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:11:07.0454 0x0cfc hkmsvc - ok 13:11:07.0469 0x0cfc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:11:07.0532 0x0cfc HomeGroupListener - ok 13:11:07.0579 0x0cfc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:11:07.0641 0x0cfc HomeGroupProvider - ok 13:11:07.0688 0x0cfc [ 4E0BEC0F78096FFD6D3314B497FC49D3, 15B545815D0C80102963FFF13B6643CC9A74717137C1CBA45345B18912E72DB6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 13:11:07.0703 0x0cfc hpdskflt - ok 13:11:07.0735 0x0cfc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:11:07.0766 0x0cfc HpSAMD - ok 13:11:07.0781 0x0cfc [ FC7C13B5A9E9BE23B7AE72BBC7FDB278, E85A7BF1CFE52BA7D663A1ED48A4F8874EFBDDF48979138F7E3E24817705B6A1 ] hpsrv C:\Windows\system32\Hpservice.exe 13:11:07.0797 0x0cfc hpsrv - ok 13:11:07.0859 0x0cfc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:11:07.0969 0x0cfc HTTP - ok 13:11:08.0015 0x0cfc [ 4205571B46BAF3A43D43A9804810DF9A, 65F971AD054810113EE5057E3B4FFF611BBE299671C8017E6E5B0F16FC4D58AE ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys 
13:11:08.0062 0x0cfc huawei_cdcacm - ok 13:11:08.0093 0x0cfc [ F6C1661C55EAAD2DD9FBB37D5DF1A011, 8511A28F6FAECCBB86342B9490158C2E1031B6161DAD702D0DC2991366DB28DA ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 13:11:08.0140 0x0cfc huawei_enumerator - ok 13:11:08.0171 0x0cfc [ F7D991E5EA0433DBAEEE186CAD2BEBC9, D051ECAABFEBFCBBA548964DCCDD29DD996814AF4B01AE11B244584BD0FBD82B ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys 13:11:08.0218 0x0cfc huawei_ext_ctrl - ok 13:11:08.0249 0x0cfc [ 06D9644E6BD7AD1C18B78D4D4EE87586, CEA690D0E86993DE9E92118C1E545C2AA0498606A721382734B5B0FD5BBFA7C0 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys 13:11:08.0296 0x0cfc huawei_wwanecm - ok 13:11:08.0405 0x0cfc [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe 13:11:08.0437 0x0cfc HWDeviceService64.exe - ok 13:11:08.0468 0x0cfc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:11:08.0483 0x0cfc hwpolicy - ok 13:11:08.0530 0x0cfc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:11:08.0561 0x0cfc i8042prt - ok 13:11:08.0593 0x0cfc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:11:08.0639 0x0cfc iaStorV - ok 13:11:08.0733 0x0cfc [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:11:08.0780 0x0cfc idsvc - ok 13:11:08.0811 0x0cfc IEEtwCollectorService - ok 13:11:08.0858 0x0cfc [ 5C18831C61933628F5BB0EA2675B9D21, 
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:11:08.0889 0x0cfc iirsp - ok 13:11:08.0967 0x0cfc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 13:11:09.0092 0x0cfc IKEEXT - ok 13:11:09.0123 0x0cfc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 13:11:09.0154 0x0cfc intelide - ok 13:11:09.0185 0x0cfc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:11:09.0248 0x0cfc intelppm - ok 13:11:09.0310 0x0cfc [ F87AB0028BEC24F93519F33AEA39B90A, 17108380F71B2C453038ADE2CB92E7E91A15DE71BF07249186BCAF44BDC28733 ] Internet Enhancer Service C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe 13:11:09.0341 0x0cfc Internet Enhancer Service - detected UnsignedFile.Multi.Generic ( 1 ) 13:11:12.0118 0x0cfc Detect skipped due to KSN trusted 13:11:12.0118 0x0cfc Internet Enhancer Service - ok 13:11:12.0337 0x0cfc [ C5678CCEB3E9E03639C0A0E67B132E92, 3997C2F0410C7211C32730D3D80CDE18EABAAC9F244282008490351B9A4057EB ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe 13:11:12.0383 0x0cfc Internet Manager. RunOuc - detected UnsignedFile.Multi.Generic ( 1 ) 13:11:15.0317 0x0cfc Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - warning 13:11:15.0317 0x0cfc Force sending object to P2P due to detect: Internet Manager. 
RunOuc 13:11:18.0110 0x0cfc Object send P2P result: true 13:11:20.0918 0x0cfc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:11:20.0996 0x0cfc IPBusEnum - ok 13:11:21.0058 0x0cfc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:11:21.0121 0x0cfc IpFilterDriver - ok 13:11:21.0167 0x0cfc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:11:21.0245 0x0cfc iphlpsvc - ok 13:11:21.0277 0x0cfc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:11:21.0308 0x0cfc IPMIDRV - ok 13:11:21.0323 0x0cfc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:11:21.0417 0x0cfc IPNAT - ok 13:11:21.0479 0x0cfc [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:11:21.0526 0x0cfc iPod Service - ok 13:11:21.0557 0x0cfc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:11:21.0604 0x0cfc IRENUM - ok 13:11:21.0604 0x0cfc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:11:21.0635 0x0cfc isapnp - ok 13:11:21.0667 0x0cfc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:11:21.0698 0x0cfc iScsiPrt - ok 13:11:21.0729 0x0cfc [ BC02336F1CBA7DCC7D1213BB588A68A5, 
450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:11:21.0760 0x0cfc kbdclass - ok 13:11:21.0791 0x0cfc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:11:21.0807 0x0cfc kbdhid - ok 13:11:21.0838 0x0cfc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 13:11:21.0854 0x0cfc KeyIso - ok 13:11:21.0901 0x0cfc [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:11:21.0932 0x0cfc KSecDD - ok 13:11:21.0979 0x0cfc [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:11:21.0994 0x0cfc KSecPkg - ok 13:11:22.0041 0x0cfc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:11:22.0103 0x0cfc ksthunk - ok 13:11:22.0150 0x0cfc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 13:11:22.0259 0x0cfc KtmRm - ok 13:11:22.0306 0x0cfc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:11:22.0384 0x0cfc LanmanServer - ok 13:11:22.0431 0x0cfc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:11:22.0525 0x0cfc LanmanWorkstation - ok 13:11:22.0556 0x0cfc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:11:22.0634 0x0cfc lltdio - ok 13:11:22.0681 
0x0cfc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:11:22.0774 0x0cfc lltdsvc - ok 13:11:22.0790 0x0cfc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:11:22.0868 0x0cfc lmhosts - ok 13:11:22.0915 0x0cfc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:11:22.0930 0x0cfc LSI_FC - ok 13:11:22.0961 0x0cfc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:11:22.0977 0x0cfc LSI_SAS - ok 13:11:23.0008 0x0cfc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:11:23.0024 0x0cfc LSI_SAS2 - ok 13:11:23.0039 0x0cfc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:11:23.0071 0x0cfc LSI_SCSI - ok 13:11:23.0117 0x0cfc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 13:11:23.0195 0x0cfc luafv - ok 13:11:23.0211 0x0cfc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:11:23.0258 0x0cfc Mcx2Svc - ok 13:11:23.0273 0x0cfc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 13:11:23.0305 0x0cfc megasas - ok 13:11:23.0336 0x0cfc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:11:23.0367 
0x0cfc MegaSR - ok
13:11:25.0161 0x0cfc msiserver - ok
13:11:36.0307 0x0cfc [ C471C170BFB078DEB5CF7C270D47B529, D9D5E88266EEDEDF97B4210EC3AF89FB93EA358476F40EDBC068D2121E036438 ] Service KMSELDI C:\Program Files\KMSpico\Service_KMS.exe
13:11:36.0401 0x0cfc Service KMSELDI - detected UnsignedFile.Multi.Generic ( 1 )
13:11:39.0178 0x0cfc Service KMSELDI ( UnsignedFile.Multi.Generic ) - warning
13:11:41.0939 0x227c Object required for P2P: [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid
13:11:44.0731 0x227c Object send P2P result: true
13:11:45.0246 0x0cfc [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:11:45.0293 0x0cfc SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
13:11:48.0070 0x0cfc Detect skipped due to KSN trusted
13:11:48.0070 0x0cfc SwitchBoard - ok
13:11:51.0408 0x0cfc Update RightSurf - ok
13:11:51.0767 0x0cfc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:11:51.0814 0x0cfc usbccgp - ok 13:11:51.0845 0x0cfc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:11:51.0907 0x0cfc usbcir - ok 13:11:51.0954 0x0cfc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:11:51.0985 0x0cfc usbehci - ok 13:11:52.0017 0x0cfc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:11:52.0079 0x0cfc usbhub - ok 13:11:52.0095 0x0cfc [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:11:52.0126 0x0cfc usbohci - ok 13:11:52.0157 0x0cfc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:11:52.0188 0x0cfc usbprint - ok 13:11:52.0219 0x0cfc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:11:52.0266 0x0cfc usbscan - ok 13:11:52.0282 0x0cfc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:11:52.0344 0x0cfc USBSTOR - ok 13:11:52.0375 0x0cfc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:11:52.0391 0x0cfc usbuhci - ok 13:11:52.0438 0x0cfc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 13:11:52.0485 0x0cfc usbvideo - ok 13:11:52.0500 0x0cfc Util RightSurf - ok 13:11:52.0531 0x0cfc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 
7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 13:11:52.0609 0x0cfc UxSms - ok 13:11:52.0625 0x0cfc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 13:11:52.0641 0x0cfc VaultSvc - ok 13:11:52.0687 0x0cfc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:11:52.0703 0x0cfc vdrvroot - ok 13:11:52.0750 0x0cfc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 13:11:52.0843 0x0cfc vds - ok 13:11:52.0875 0x0cfc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:11:52.0906 0x0cfc vga - ok 13:11:52.0937 0x0cfc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:11:52.0999 0x0cfc VgaSave - ok 13:11:53.0062 0x0cfc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:11:53.0093 0x0cfc vhdmp - ok 13:11:53.0124 0x0cfc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 13:11:53.0140 0x0cfc viaide - ok 13:11:53.0171 0x0cfc [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:11:53.0202 0x0cfc vmbus - ok 13:11:53.0218 0x0cfc [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:11:53.0265 0x0cfc VMBusHID - ok 13:11:53.0280 0x0cfc [ D2AAFD421940F640B407AEFAAEBD91B0, 
31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:11:53.0311 0x0cfc volmgr - ok 13:11:53.0343 0x0cfc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:11:53.0389 0x0cfc volmgrx - ok 13:11:53.0421 0x0cfc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:11:53.0452 0x0cfc volsnap - ok 13:11:53.0483 0x0cfc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:11:53.0514 0x0cfc vsmraid - ok 13:11:53.0608 0x0cfc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 13:11:53.0811 0x0cfc VSS - ok 13:11:53.0857 0x0cfc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:11:53.0889 0x0cfc vwifibus - ok 13:11:53.0935 0x0cfc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:11:53.0967 0x0cfc vwififlt - ok 13:11:53.0998 0x0cfc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:11:54.0029 0x0cfc vwifimp - ok 13:11:54.0076 0x0cfc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 13:11:54.0154 0x0cfc W32Time - ok 13:11:54.0247 0x0cfc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:11:54.0310 0x0cfc WacomPen - ok 13:11:54.0325 
0x0cfc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:11:54.0403 0x0cfc WANARP - ok 13:11:54.0419 0x0cfc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:11:54.0481 0x0cfc Wanarpv6 - ok 13:11:54.0747 0x0cfc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:11:54.0825 0x0cfc WatAdminSvc - ok 13:11:54.0918 0x0cfc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 13:11:55.0043 0x0cfc wbengine - ok 13:11:55.0074 0x0cfc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:11:55.0137 0x0cfc WbioSrvc - ok 13:11:55.0261 0x0cfc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:11:55.0324 0x0cfc wcncsvc - ok 13:11:55.0355 0x0cfc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:11:55.0386 0x0cfc WcsPlugInService - ok 13:11:55.0417 0x0cfc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 13:11:55.0449 0x0cfc Wd - ok 13:11:55.0495 0x0cfc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:11:55.0558 0x0cfc Wdf01000 - ok 13:11:55.0620 0x0cfc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost 
C:\Windows\system32\wdi.dll 13:11:55.0714 0x0cfc WdiServiceHost - ok 13:11:55.0714 0x0cfc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:11:55.0761 0x0cfc WdiSystemHost - ok 13:11:55.0792 0x0cfc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 13:11:55.0839 0x0cfc WebClient - ok 13:11:55.0870 0x0cfc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:11:55.0963 0x0cfc Wecsvc - ok 13:11:55.0995 0x0cfc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:11:56.0073 0x0cfc wercplsupport - ok 13:11:56.0104 0x0cfc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 13:11:56.0166 0x0cfc WerSvc - ok 13:11:56.0229 0x0cfc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:11:56.0291 0x0cfc WfpLwf - ok 13:11:56.0322 0x0cfc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:11:56.0338 0x0cfc WIMMount - ok 13:11:56.0369 0x0cfc WinDefend - ok 13:11:56.0385 0x0cfc WinHttpAutoProxySvc - ok 13:11:56.0447 0x0cfc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:11:56.0525 0x0cfc Winmgmt - ok 13:11:56.0650 0x0cfc [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 13:11:56.0806 0x0cfc WinRM - ok 13:11:56.0853 0x0cfc [ 
FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:11:56.0899 0x0cfc WinUsb - ok 13:11:56.0962 0x0cfc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:11:57.0055 0x0cfc Wlansvc - ok 13:11:57.0087 0x0cfc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:11:57.0118 0x0cfc WmiAcpi - ok 13:11:57.0149 0x0cfc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:11:57.0211 0x0cfc wmiApSrv - ok 13:11:57.0227 0x0cfc WMPNetworkSvc - ok 13:11:57.0258 0x0cfc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:11:57.0305 0x0cfc WPCSvc - ok 13:11:57.0321 0x0cfc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:11:57.0367 0x0cfc WPDBusEnum - ok 13:11:57.0399 0x0cfc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:11:57.0477 0x0cfc ws2ifsl - ok 13:11:57.0508 0x0cfc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 13:11:57.0539 0x0cfc wscsvc - ok 13:11:57.0555 0x0cfc WSearch - ok 13:11:57.0695 0x0cfc [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 13:11:57.0835 0x0cfc wuauserv - ok 13:11:57.0867 0x0cfc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf 
C:\Windows\system32\drivers\WudfPf.sys 13:11:57.0929 0x0cfc WudfPf - ok 13:11:57.0945 0x0cfc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:11:57.0991 0x0cfc WUDFRd - ok 13:11:58.0007 0x0cfc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:11:58.0038 0x0cfc wudfsvc - ok 13:11:58.0085 0x0cfc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 13:11:58.0132 0x0cfc WwanSvc - ok 13:11:58.0179 0x0cfc ================ Scan global =============================== 13:11:58.0210 0x0cfc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 13:11:58.0257 0x0cfc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 13:11:58.0288 0x0cfc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 13:11:58.0319 0x0cfc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 13:11:58.0366 0x0cfc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 13:11:58.0381 0x0cfc [ Global ] - ok 13:11:58.0381 0x0cfc ================ Scan MBR ================================== 13:11:58.0397 0x0cfc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:11:59.0317 0x0cfc \Device\Harddisk0\DR0 - ok 13:11:59.0333 0x0cfc ================ Scan VBR ================================== 13:11:59.0364 0x0cfc [ C7132D7EF4281D2D373864CA49F586BF ] \Device\Harddisk0\DR0\Partition1 13:11:59.0364 0x0cfc 
\Device\Harddisk0\DR0\Partition1 - ok 13:11:59.0364 0x0cfc [ EE0089E2B868FC8C265E7537009B43AC ] \Device\Harddisk0\DR0\Partition2 13:11:59.0380 0x0cfc \Device\Harddisk0\DR0\Partition2 - ok 13:11:59.0380 0x0cfc [ 478516D8FA8F92E12E245B4B625C204A ] \Device\Harddisk0\DR0\Partition3 13:11:59.0380 0x0cfc \Device\Harddisk0\DR0\Partition3 - ok 13:11:59.0380 0x0cfc ================ Scan generic autorun ====================== 13:11:59.0442 0x0cfc [ 2EEED500C1EC095CB3D0DE7A3C7E4278, 06D0DC42A7DE207D675A0DE69001D20941FC0B8D067504CD8B56DD0B952A5ACE ] C:\Program Files\IDT\WDM\sttray64.exe 13:11:59.0489 0x0cfc SysTrayApp - ok 13:11:59.0489 0x0cfc SynTPEnh - ok 13:11:59.0598 0x0cfc [ BDBF2A7AD6CF18F2A7FBC431692B7B96, 73A91EC0E78773B4138132D5D6D4C8A702116C4BF7D1D986B52BE0070F19E5FC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 13:11:59.0629 0x0cfc AdobeAAMUpdater-1.0 - ok 13:11:59.0676 0x0cfc [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 13:11:59.0723 0x0cfc SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 ) 13:11:59.0723 0x0cfc Detect skipped due to KSN trusted 13:11:59.0723 0x0cfc SwitchBoard - ok 13:11:59.0832 0x0cfc [ 3EE19173AC7BB16AD239B195D97C13B0, A9E5FC90F20DC7500A186C9D184ED55BC04038FFC6D97714E64C660EAE808A98 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe 13:11:59.0895 0x0cfc AdobeCS6ServiceManager - ok 13:11:59.0988 0x0cfc [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 13:12:00.0035 0x0cfc avgnt - ok 13:12:00.0175 0x0cfc [ 49161D25F38D52B026AA6B718E9F05B8, 80CEE409BC07722C3092393817A8C771469331EC12FFD6200A6E7CD302C0E11F ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 13:12:00.0316 0x0cfc Adobe Creative Cloud - ok 13:12:00.0378 
0x0cfc [ 5100ADC704F2D6CE3DF8C0D5105D6C84, BD46EE57F881EDAB63A0540186D9471F4C70F3E4D72F1C52D72DD9BADF9E7334 ] C:\Program Files (x86)\PDF24\pdf24.exe 13:12:00.0409 0x0cfc PDFPrint - ok 13:12:00.0472 0x0cfc [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 13:12:00.0487 0x0cfc iTunesHelper - ok 13:12:00.0534 0x0cfc [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 13:12:00.0565 0x0cfc SunJavaUpdateSched - ok 13:12:00.0612 0x0cfc [ BA18CFAB98426BFA6D6EC7E5B1961ED0, 540BF2CFDB099296F2AA24D192EFC5B013C88C0152763454521355ACBB50337D ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 13:12:00.0643 0x0cfc Avira Systray - ok 13:12:00.0753 0x0cfc [ 34560253EF56416ED5F9192AA258407E, 1915FED010A852C65A4BF809D9DC8E8C96ECCABFC6707F1EBA946630F4E56CAF ] C:\Program Files (x86)\Trojan Remover\Trjscan.exe 13:12:00.0846 0x0cfc TrojanScanner - ok 13:12:00.0955 0x0cfc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 13:12:01.0080 0x0cfc Sidebar - ok 13:12:01.0096 0x0cfc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 13:12:01.0143 0x0cfc mctadmin - ok 13:12:01.0221 0x0cfc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 13:12:01.0299 0x0cfc Sidebar - ok 13:12:01.0314 0x0cfc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 13:12:01.0361 0x0cfc mctadmin - ok 13:12:01.0361 0x0cfc LiveSupport - ok 13:12:01.0455 0x0cfc [ 48C3EBD6D5E52AFCB1A0FA9B7F9802FA, 
4F2E27AA8305FFC94F65C65C5FDB8462C92ED02A7B37627404382C3CAB65AC59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 13:12:01.0470 0x0cfc iCloudServices - ok 13:12:01.0501 0x0cfc [ 799BCC829F48F19C5689478179060435, 495C6E363982F7BE1785A46C12ED4AC99E0AF98F340F1CE3C55D39EBE6FE33AA ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 13:12:01.0517 0x0cfc ApplePhotoStreams - ok 13:12:01.0533 0x0cfc FlashPlayerUpdate - ok 13:12:01.0533 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:02.0547 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:03.0561 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:04.0575 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:05.0589 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:06.0603 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:07.0617 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:08.0631 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:09.0645 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:10.0659 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:11.0673 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:12.0687 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:13.0701 0x0cfc Waiting for KSN requests completion. In queue: 138 13:12:14.0715 0x0cfc Waiting for KSN requests completion. 
In queue: 138
13:12:15.0807 0x0cfc AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
13:12:15.0822 0x0cfc Win FW state via NFP2: disabled
13:12:18.0552 0x0cfc ============================================================
13:12:18.0552 0x0cfc Scan finished
13:12:18.0552 0x0cfc ============================================================
13:12:18.0568 0x3348 Detected object count: 2
13:12:18.0568 0x3348 Actual detected object count: 2
13:14:20.0175 0x3348 Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:20.0175 0x3348 Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:14:20.0175 0x3348 Service KMSELDI ( UnsignedFile.Multi.Generic ) - skipped by user
13:14:20.0175 0x3348 Service KMSELDI ( UnsignedFile.Multi.Generic ) - User select action: Skip |
02.02.2015, 13:21 | #4 |
| Advertising or music in the background - even with the browser closed
I ran TDSS once more; it found 2 threats again: Code:
13:19:00.0427 0x3004 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:19:05.0529 0x3004 ============================================================
13:19:05.0529 0x3004 Current date / time: 2015/02/02 13:19:05.0529
13:19:05.0529 0x3004 SystemInfo:
13:19:05.0529 0x3004
13:19:05.0529 0x3004 OS Version: 6.1.7601 ServicePack: 1.0
13:19:05.0529 0x3004 Product type: Workstation
13:19:05.0529 0x3004 ComputerName: DIRK-PC
13:19:05.0529 0x3004 UserName: Dirk
13:19:05.0529 0x3004 Windows directory: C:\Windows
13:19:05.0529 0x3004 System windows directory: C:\Windows
13:19:05.0529 0x3004 Running under WOW64
13:19:05.0529 0x3004 Processor architecture: Intel x64
13:19:05.0529 0x3004 Number of processors: 2
13:19:05.0529 0x3004 Page size: 0x1000
13:19:05.0529 0x3004 Boot type: Normal boot
13:19:05.0529 0x3004 ============================================================
13:19:07.0525 0x3004 KLMD registered as C:\Windows\system32\drivers\88839233.sys
13:19:07.0697 0x3004 System UUID: {AD9A45AA-41BE-88E7-9F72-A5C7514600F3}
13:19:08.0321 0x3004 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:19:08.0337 0x3004 ============================================================
13:19:08.0337 0x3004 \Device\Harddisk0\DR0:
13:19:08.0337 0x3004 MBR partitions:
13:19:08.0337 0x3004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:19:08.0337 0x3004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
13:19:08.0337 0x3004 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x21CE5800
13:19:08.0337 0x3004 ============================================================
13:19:08.0461 0x3004 C: <-> \Device\Harddisk0\DR0\Partition2
13:19:08.0508 0x3004 D: <-> \Device\Harddisk0\DR0\Partition3
13:19:08.0508 0x3004
============================================================ 13:19:08.0508 0x3004 Initialize success 13:19:08.0508 0x3004 ============================================================ 13:19:15.0700 0x46bc ============================================================ 13:19:15.0700 0x46bc Scan started 13:19:15.0700 0x46bc Mode: Manual; SigCheck; TDLFS; 13:19:15.0700 0x46bc ============================================================ 13:19:15.0700 0x46bc KSN ping started 13:19:18.0414 0x46bc KSN ping finished: true 13:19:19.0615 0x46bc ================ Scan system memory ======================== 13:19:19.0615 0x46bc System memory - ok 13:19:19.0615 0x46bc ================ Scan services ============================= 13:19:19.0756 0x46bc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 13:19:19.0865 0x46bc 1394ohci - ok 13:19:19.0896 0x46bc [ 5C368F4B04ED2A923E6AFCA2D37BAFF5, C3CC58D636B18DF77C4C4B384AD1DE78418716A0606E564DBC63782D5EA02905 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 13:19:19.0927 0x46bc Accelerometer - ok 13:19:19.0959 0x46bc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:19:19.0990 0x46bc ACPI - ok 13:19:20.0021 0x46bc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:19:20.0052 0x46bc AcpiPmi - ok 13:19:20.0177 0x46bc [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:19:20.0193 0x46bc AdobeARMservice - ok 13:19:20.0302 0x46bc [ A2A9C100FE1BE20A76C0B80D4CA44103, C34B4A31C8563E29EC6A3D318C40075F43C891C23D156F53EE2102C959B7887F ] AdobeFlashPlayerUpdateSvc 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:19:20.0333 0x46bc AdobeFlashPlayerUpdateSvc - ok 13:19:20.0380 0x46bc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:19:20.0427 0x46bc adp94xx - ok 13:19:20.0489 0x46bc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:19:20.0520 0x46bc adpahci - ok 13:19:20.0551 0x46bc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:19:20.0583 0x46bc adpu320 - ok 13:19:20.0614 0x46bc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:19:20.0692 0x46bc AeLookupSvc - ok 13:19:20.0785 0x46bc [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe 13:19:20.0817 0x46bc AESTFilters - ok 13:19:20.0879 0x46bc [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 13:19:20.0941 0x46bc AFD - ok 13:19:20.0988 0x46bc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 13:19:21.0019 0x46bc agp440 - ok 13:19:21.0051 0x46bc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 13:19:21.0082 0x46bc ALG - ok 13:19:21.0113 0x46bc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 13:19:21.0129 0x46bc aliide 
13:19:33.0468 0x46bc [ F87AB0028BEC24F93519F33AEA39B90A, 17108380F71B2C453038ADE2CB92E7E91A15DE71BF07249186BCAF44BDC28733 ] Internet Enhancer Service C:\Program Files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe
13:19:33.0484 0x46bc Internet Enhancer Service - detected UnsignedFile.Multi.Generic ( 1 )
13:19:36.0261 0x46bc Detect skipped due to KSN trusted
13:19:36.0261 0x46bc Internet Enhancer Service - ok
13:19:36.0417 0x46bc [ C5678CCEB3E9E03639C0A0E67B132E92, 3997C2F0410C7211C32730D3D80CDE18EABAAC9F244282008490351B9A4057EB ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe
13:19:36.0463 0x46bc Internet Manager. RunOuc - detected UnsignedFile.Multi.Generic ( 1 )
13:19:39.0381 0x46bc Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - warning
C:\Windows\system32\Drivers\mup.sys 13:19:57.0976 0x46bc Mup - ok 13:19:58.0039 0x46bc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 13:19:58.0117 0x46bc napagent - ok 13:19:58.0164 0x46bc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:19:58.0211 0x46bc NativeWifiP - ok 13:19:58.0273 0x46bc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 13:19:58.0336 0x46bc NDIS - ok 13:19:58.0367 0x46bc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:19:58.0429 0x46bc NdisCap - ok 13:19:58.0460 0x46bc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:19:58.0523 0x46bc NdisTapi - ok 13:19:58.0538 0x46bc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:19:58.0601 0x46bc Ndisuio - ok 13:19:58.0663 0x46bc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:19:58.0726 0x46bc NdisWan - ok 13:19:58.0741 0x46bc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:19:58.0804 0x46bc NDProxy - ok 13:19:58.0835 0x46bc [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 13:19:58.0866 0x46bc Netaapl - ok 13:19:58.0913 0x46bc [ 86743D9F5D2B1048062B14B1D84501C4, 
DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:19:58.0975 0x46bc NetBIOS - ok 13:19:59.0006 0x46bc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:19:59.0085 0x46bc NetBT - ok 13:19:59.0101 0x46bc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 13:19:59.0132 0x46bc Netlogon - ok 13:19:59.0179 0x46bc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 13:19:59.0257 0x46bc Netman - ok 13:19:59.0304 0x46bc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:59.0335 0x46bc NetMsmqActivator - ok 13:19:59.0351 0x46bc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:59.0382 0x46bc NetPipeActivator - ok 13:19:59.0413 0x46bc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 13:19:59.0491 0x46bc netprofm - ok 13:19:59.0522 0x46bc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:59.0553 0x46bc NetTcpActivator - ok 13:19:59.0553 0x46bc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 13:19:59.0585 0x46bc NetTcpPortSharing - ok 13:19:59.0631 0x46bc [ 77889813BE4D166CDAB78DDBA990DA92, 
2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:19:59.0647 0x46bc nfrd960 - ok 13:19:59.0694 0x46bc [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 13:19:59.0725 0x46bc NlaSvc - ok 13:19:59.0772 0x46bc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:19:59.0834 0x46bc Npfs - ok 13:19:59.0865 0x46bc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 13:19:59.0928 0x46bc nsi - ok 13:19:59.0943 0x46bc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:20:00.0021 0x46bc nsiproxy - ok 13:20:00.0115 0x46bc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:20:00.0209 0x46bc Ntfs - ok 13:20:00.0240 0x46bc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 13:20:00.0302 0x46bc Null - ok 13:20:00.0349 0x46bc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:20:00.0380 0x46bc nvraid - ok 13:20:00.0411 0x46bc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:20:00.0443 0x46bc nvstor - ok 13:20:00.0474 0x46bc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:20:00.0489 0x46bc nv_agp - ok 13:20:00.0521 0x46bc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, 
AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:20:00.0552 0x46bc ohci1394 - ok 13:20:00.0614 0x46bc [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:20:00.0645 0x46bc ose64 - ok 13:20:00.0911 0x46bc [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:20:01.0160 0x46bc osppsvc - ok 13:20:01.0223 0x46bc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:20:01.0254 0x46bc p2pimsvc - ok 13:20:01.0301 0x46bc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 13:20:01.0347 0x46bc p2psvc - ok 13:20:01.0379 0x46bc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys 13:20:01.0410 0x46bc Parport - ok 13:20:01.0425 0x46bc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:20:01.0457 0x46bc partmgr - ok 13:20:01.0472 0x46bc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 13:20:01.0519 0x46bc PcaSvc - ok 13:20:01.0550 0x46bc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 13:20:01.0566 0x46bc pci - ok 13:20:01.0597 0x46bc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide 
C:\Windows\system32\drivers\pciide.sys 13:20:01.0628 0x46bc pciide - ok 13:20:01.0644 0x46bc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:20:01.0675 0x46bc pcmcia - ok 13:20:01.0722 0x46bc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 13:20:01.0737 0x46bc pcw - ok 13:20:01.0784 0x46bc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:20:01.0878 0x46bc PEAUTH - ok 13:20:01.0971 0x46bc [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:20:02.0065 0x46bc PeerDistSvc - ok 13:20:02.0143 0x46bc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:20:02.0174 0x46bc PerfHost - ok 13:20:02.0268 0x46bc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 13:20:02.0408 0x46bc pla - ok 13:20:02.0471 0x46bc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:20:02.0517 0x46bc PlugPlay - ok 13:20:02.0533 0x46bc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:20:02.0564 0x46bc PNRPAutoReg - ok 13:20:02.0595 0x46bc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:20:02.0642 0x46bc PNRPsvc - ok 13:20:02.0673 0x46bc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] 
PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:20:02.0767 0x46bc PolicyAgent - ok 13:20:02.0798 0x46bc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 13:20:02.0876 0x46bc Power - ok 13:20:02.0923 0x46bc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:20:02.0985 0x46bc PptpMiniport - ok 13:20:03.0001 0x46bc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys 13:20:03.0032 0x46bc Processor - ok 13:20:03.0079 0x46bc [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 13:20:03.0126 0x46bc ProfSvc - ok 13:20:03.0126 0x46bc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:20:03.0157 0x46bc ProtectedStorage - ok 13:20:03.0204 0x46bc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:20:03.0266 0x46bc Psched - ok 13:20:03.0360 0x46bc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:20:03.0453 0x46bc ql2300 - ok 13:20:03.0485 0x46bc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:20:03.0516 0x46bc ql40xx - ok 13:20:03.0563 0x46bc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 13:20:03.0609 0x46bc QWAVE - ok 13:20:03.0625 0x46bc [ 76707BB36430888D9CE9D705398ADB6C, 
35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:20:03.0656 0x46bc QWAVEdrv - ok 13:20:03.0687 0x46bc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:20:03.0750 0x46bc RasAcd - ok 13:20:03.0781 0x46bc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:20:03.0843 0x46bc RasAgileVpn - ok 13:20:03.0875 0x46bc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 13:20:03.0953 0x46bc RasAuto - ok 13:20:04.0015 0x46bc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:20:04.0077 0x46bc Rasl2tp - ok 13:20:04.0296 0x46bc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 13:20:04.0389 0x46bc RasMan - ok 13:20:04.0452 0x46bc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:20:04.0530 0x46bc RasPppoe - ok 13:20:04.0561 0x46bc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:20:04.0639 0x46bc RasSstp - ok 13:20:04.0670 0x46bc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:20:04.0748 0x46bc rdbss - ok 13:20:04.0779 0x46bc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:20:04.0811 0x46bc rdpbus - ok 
13:20:04.0826 0x46bc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:20:04.0889 0x46bc RDPCDD - ok 13:20:04.0935 0x46bc [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:20:04.0967 0x46bc RDPDR - ok 13:20:04.0998 0x46bc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:20:05.0076 0x46bc RDPENCDD - ok 13:20:05.0091 0x46bc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:20:05.0154 0x46bc RDPREFMP - ok 13:20:05.0247 0x46bc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:20:05.0263 0x46bc RdpVideoMiniport - ok 13:20:05.0310 0x46bc [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:20:05.0341 0x46bc RDPWD - ok 13:20:05.0388 0x46bc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:20:05.0419 0x46bc rdyboost - ok 13:20:05.0435 0x46bc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:20:05.0513 0x46bc RemoteAccess - ok 13:20:05.0559 0x46bc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:20:05.0637 0x46bc RemoteRegistry - ok 13:20:05.0669 0x46bc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 
665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:20:05.0747 0x46bc RpcEptMapper - ok 13:20:05.0809 0x46bc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 13:20:05.0840 0x46bc RpcLocator - ok 13:20:05.0887 0x46bc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 13:20:05.0981 0x46bc RpcSs - ok 13:20:06.0027 0x46bc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:20:06.0090 0x46bc rspndr - ok 13:20:06.0137 0x46bc [ ABCB5A38A0D85BDF69B7877E1AD1EED5, 44DF1A92E8FA53677A04C46088B0AD49F1F6A090820BE550A514C4FBFD91444D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 13:20:06.0183 0x46bc RTL8167 - ok 13:20:06.0215 0x46bc [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:20:06.0230 0x46bc s3cap - ok 13:20:06.0246 0x46bc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe 13:20:06.0277 0x46bc SamSs - ok 13:20:06.0293 0x46bc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:20:06.0324 0x46bc sbp2port - ok 13:20:06.0371 0x46bc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:20:06.0449 0x46bc SCardSvr - ok 13:20:06.0464 0x46bc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:20:06.0542 0x46bc scfilter - ok 13:20:06.0620 0x46bc [ 
262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 13:20:06.0745 0x46bc Schedule - ok 13:20:06.0807 0x46bc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:20:06.0885 0x46bc SCPolicySvc - ok 13:20:06.0932 0x46bc [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 13:20:06.0963 0x46bc sdbus - ok 13:20:07.0010 0x46bc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:20:07.0041 0x46bc SDRSVC - ok 13:20:07.0197 0x46bc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:20:07.0275 0x46bc secdrv - ok 13:20:07.0307 0x46bc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 13:20:07.0353 0x46bc seclogon - ok 13:20:07.0369 0x46bc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 13:20:07.0431 0x46bc SENS - ok 13:20:07.0447 0x46bc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:20:07.0463 0x46bc SensrSvc - ok 13:20:07.0478 0x46bc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys 13:20:07.0509 0x46bc Serenum - ok 13:20:07.0541 0x46bc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys 13:20:07.0556 0x46bc Serial - ok 13:20:07.0587 
13:20:07.0697 0x46bc [ C471C170BFB078DEB5CF7C270D47B529, D9D5E88266EEDEDF97B4210EC3AF89FB93EA358476F40EDBC068D2121E036438 ] Service KMSELDI C:\Program Files\KMSpico\Service_KMS.exe
13:20:07.0775 0x46bc Service KMSELDI - detected UnsignedFile.Multi.Generic ( 1 )
13:20:10.0739 0x46bc Service KMSELDI ( UnsignedFile.Multi.Generic ) - warning
13:20:16.0386 0x46bc [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:20:16.0417 0x46bc SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
13:20:19.0194 0x46bc Detect skipped due to KSN trusted
13:20:19.0194 0x46bc SwitchBoard - ok
C:\Windows\system32\DRIVERS\udfs.sys 13:20:21.0830 0x46bc udfs - ok 13:20:21.0877 0x46bc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:20:21.0908 0x46bc UI0Detect - ok 13:20:21.0939 0x46bc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:20:21.0955 0x46bc uliagpkx - ok 13:20:22.0002 0x46bc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:20:22.0033 0x46bc umbus - ok 13:20:22.0049 0x46bc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys 13:20:22.0064 0x46bc UmPass - ok 13:20:22.0095 0x46bc [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 13:20:22.0142 0x46bc UmRdpService - ok 13:20:22.0142 0x46bc Update RightSurf - ok 13:20:22.0189 0x46bc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 13:20:22.0283 0x46bc upnphost - ok 13:20:22.0345 0x46bc [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 13:20:22.0361 0x46bc USBAAPL64 - ok 13:20:22.0407 0x46bc [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 13:20:22.0439 0x46bc usbaudio - ok 13:20:22.0470 0x46bc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:20:22.0485 0x46bc usbccgp - ok 13:20:22.0532 0x46bc [ 
80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:20:22.0579 0x46bc usbcir - ok 13:20:22.0610 0x46bc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:20:22.0626 0x46bc usbehci - ok 13:20:22.0673 0x46bc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:20:22.0719 0x46bc usbhub - ok 13:20:22.0735 0x46bc [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:20:22.0751 0x46bc usbohci - ok 13:20:22.0782 0x46bc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:20:22.0813 0x46bc usbprint - ok 13:20:22.0844 0x46bc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:20:22.0875 0x46bc usbscan - ok 13:20:22.0907 0x46bc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:20:22.0938 0x46bc USBSTOR - ok 13:20:22.0969 0x46bc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:20:22.0985 0x46bc usbuhci - ok 13:20:23.0031 0x46bc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 13:20:23.0063 0x46bc usbvideo - ok 13:20:23.0094 0x46bc Util RightSurf - ok 13:20:23.0109 0x46bc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] 
UxSms C:\Windows\System32\uxsms.dll 13:20:23.0187 0x46bc UxSms - ok 13:20:23.0187 0x46bc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 13:20:23.0219 0x46bc VaultSvc - ok 13:20:23.0250 0x46bc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:20:23.0281 0x46bc vdrvroot - ok 13:20:23.0328 0x46bc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 13:20:23.0421 0x46bc vds - ok 13:20:23.0437 0x46bc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:20:23.0468 0x46bc vga - ok 13:20:23.0484 0x46bc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:20:23.0562 0x46bc VgaSave - ok 13:20:23.0593 0x46bc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:20:23.0624 0x46bc vhdmp - ok 13:20:23.0655 0x46bc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 13:20:23.0687 0x46bc viaide - ok 13:20:23.0733 0x46bc [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:20:23.0765 0x46bc vmbus - ok 13:20:23.0780 0x46bc [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:20:23.0811 0x46bc VMBusHID - ok 13:20:23.0843 0x46bc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] 
volmgr C:\Windows\system32\drivers\volmgr.sys 13:20:23.0874 0x46bc volmgr - ok 13:20:23.0905 0x46bc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:20:23.0952 0x46bc volmgrx - ok 13:20:23.0967 0x46bc [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:20:24.0014 0x46bc volsnap - ok 13:20:24.0045 0x46bc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:20:24.0077 0x46bc vsmraid - ok 13:20:24.0170 0x46bc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 13:20:24.0326 0x46bc VSS - ok 13:20:24.0357 0x46bc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:20:24.0389 0x46bc vwifibus - ok 13:20:24.0420 0x46bc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:20:24.0451 0x46bc vwififlt - ok 13:20:24.0482 0x46bc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:20:24.0513 0x46bc vwifimp - ok 13:20:24.0560 0x46bc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 13:20:24.0638 0x46bc W32Time - ok 13:20:24.0685 0x46bc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:20:24.0701 0x46bc WacomPen - ok 13:20:24.0732 0x46bc [ 356AFD78A6ED4457169241AC3965230C, 
CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:20:24.0794 0x46bc WANARP - ok 13:20:24.0810 0x46bc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:20:24.0872 0x46bc Wanarpv6 - ok 13:20:24.0981 0x46bc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 13:20:25.0059 0x46bc WatAdminSvc - ok 13:20:25.0153 0x46bc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 13:20:25.0262 0x46bc wbengine - ok 13:20:25.0293 0x46bc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:20:25.0340 0x46bc WbioSrvc - ok 13:20:25.0371 0x46bc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:20:25.0434 0x46bc wcncsvc - ok 13:20:25.0449 0x46bc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:20:25.0481 0x46bc WcsPlugInService - ok 13:20:25.0512 0x46bc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 13:20:25.0543 0x46bc Wd - ok 13:20:25.0590 0x46bc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:20:25.0652 0x46bc Wdf01000 - ok 13:20:25.0683 0x46bc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:20:25.0730 0x46bc WdiServiceHost - ok 
13:20:25.0746 0x46bc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:20:25.0777 0x46bc WdiSystemHost - ok 13:20:25.0808 0x46bc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 13:20:25.0855 0x46bc WebClient - ok 13:20:25.0886 0x46bc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:20:25.0964 0x46bc Wecsvc - ok 13:20:25.0980 0x46bc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:20:26.0058 0x46bc wercplsupport - ok 13:20:26.0089 0x46bc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 13:20:26.0167 0x46bc WerSvc - ok 13:20:26.0214 0x46bc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:20:26.0276 0x46bc WfpLwf - ok 13:20:26.0292 0x46bc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:20:26.0323 0x46bc WIMMount - ok 13:20:26.0339 0x46bc WinDefend - ok 13:20:26.0370 0x46bc WinHttpAutoProxySvc - ok 13:20:26.0417 0x46bc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:20:26.0496 0x46bc Winmgmt - ok 13:20:26.0620 0x46bc [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 13:20:26.0745 0x46bc WinRM - ok 13:20:26.0808 0x46bc [ FE88B288356E7B47B74B13372ADD906D, 
A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:20:26.0839 0x46bc WinUsb - ok 13:20:26.0901 0x46bc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:20:26.0995 0x46bc Wlansvc - ok 13:20:27.0026 0x46bc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:20:27.0042 0x46bc WmiAcpi - ok 13:20:27.0088 0x46bc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:20:27.0120 0x46bc wmiApSrv - ok 13:20:27.0135 0x46bc WMPNetworkSvc - ok 13:20:27.0166 0x46bc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:20:27.0198 0x46bc WPCSvc - ok 13:20:27.0213 0x46bc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:20:27.0244 0x46bc WPDBusEnum - ok 13:20:27.0276 0x46bc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:20:27.0338 0x46bc ws2ifsl - ok 13:20:27.0369 0x46bc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 13:20:27.0416 0x46bc wscsvc - ok 13:20:27.0416 0x46bc WSearch - ok 13:20:27.0556 0x46bc [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 13:20:27.0712 0x46bc wuauserv - ok 13:20:27.0759 0x46bc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf 
C:\Windows\system32\drivers\WudfPf.sys 13:20:27.0775 0x46bc WudfPf - ok 13:20:27.0806 0x46bc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:20:27.0837 0x46bc WUDFRd - ok 13:20:27.0868 0x46bc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:20:27.0900 0x46bc wudfsvc - ok 13:20:27.0946 0x46bc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 13:20:27.0993 0x46bc WwanSvc - ok 13:20:28.0040 0x46bc ================ Scan global =============================== 13:20:28.0071 0x46bc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 13:20:28.0118 0x46bc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 13:20:28.0134 0x46bc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 13:20:28.0180 0x46bc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 13:20:28.0212 0x46bc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 13:20:28.0227 0x46bc [ Global ] - ok 13:20:28.0227 0x46bc ================ Scan MBR ================================== 13:20:28.0243 0x46bc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:20:29.0148 0x46bc \Device\Harddisk0\DR0 - ok 13:20:29.0148 0x46bc ================ Scan VBR ================================== 13:20:29.0179 0x46bc [ C7132D7EF4281D2D373864CA49F586BF ] \Device\Harddisk0\DR0\Partition1 13:20:29.0179 0x46bc 
\Device\Harddisk0\DR0\Partition1 - ok 13:20:29.0194 0x46bc [ EE0089E2B868FC8C265E7537009B43AC ] \Device\Harddisk0\DR0\Partition2 13:20:29.0194 0x46bc \Device\Harddisk0\DR0\Partition2 - ok 13:20:29.0194 0x46bc [ 478516D8FA8F92E12E245B4B625C204A ] \Device\Harddisk0\DR0\Partition3 13:20:29.0194 0x46bc \Device\Harddisk0\DR0\Partition3 - ok 13:20:29.0194 0x46bc ================ Scan generic autorun ====================== 13:20:29.0257 0x46bc [ 2EEED500C1EC095CB3D0DE7A3C7E4278, 06D0DC42A7DE207D675A0DE69001D20941FC0B8D067504CD8B56DD0B952A5ACE ] C:\Program Files\IDT\WDM\sttray64.exe 13:20:29.0304 0x46bc SysTrayApp - ok 13:20:29.0304 0x46bc SynTPEnh - ok 13:20:29.0397 0x46bc [ BDBF2A7AD6CF18F2A7FBC431692B7B96, 73A91EC0E78773B4138132D5D6D4C8A702116C4BF7D1D986B52BE0070F19E5FC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 13:20:29.0444 0x46bc AdobeAAMUpdater-1.0 - ok 13:20:29.0491 0x46bc [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 13:20:29.0522 0x46bc SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 ) 13:20:29.0522 0x46bc Detect skipped due to KSN trusted 13:20:29.0522 0x46bc SwitchBoard - ok 13:20:29.0631 0x46bc [ 3EE19173AC7BB16AD239B195D97C13B0, A9E5FC90F20DC7500A186C9D184ED55BC04038FFC6D97714E64C660EAE808A98 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe 13:20:29.0694 0x46bc AdobeCS6ServiceManager - ok 13:20:29.0772 0x46bc [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 13:20:29.0818 0x46bc avgnt - ok 13:20:29.0959 0x46bc [ 49161D25F38D52B026AA6B718E9F05B8, 80CEE409BC07722C3092393817A8C771469331EC12FFD6200A6E7CD302C0E11F ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 13:20:30.0084 0x46bc Adobe Creative Cloud - ok 13:20:30.0115 
0x46bc [ 5100ADC704F2D6CE3DF8C0D5105D6C84, BD46EE57F881EDAB63A0540186D9471F4C70F3E4D72F1C52D72DD9BADF9E7334 ] C:\Program Files (x86)\PDF24\pdf24.exe 13:20:30.0146 0x46bc PDFPrint - ok 13:20:30.0208 0x46bc [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 13:20:30.0224 0x46bc iTunesHelper - ok 13:20:30.0271 0x46bc [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 13:20:30.0302 0x46bc SunJavaUpdateSched - ok 13:20:30.0349 0x46bc [ BA18CFAB98426BFA6D6EC7E5B1961ED0, 540BF2CFDB099296F2AA24D192EFC5B013C88C0152763454521355ACBB50337D ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 13:20:30.0380 0x46bc Avira Systray - ok 13:20:30.0489 0x46bc [ 34560253EF56416ED5F9192AA258407E, 1915FED010A852C65A4BF809D9DC8E8C96ECCABFC6707F1EBA946630F4E56CAF ] C:\Program Files (x86)\Trojan Remover\Trjscan.exe 13:20:30.0598 0x46bc TrojanScanner - ok 13:20:30.0739 0x46bc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 13:20:30.0832 0x46bc Sidebar - ok 13:20:30.0864 0x46bc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 13:20:30.0910 0x46bc mctadmin - ok 13:20:30.0973 0x46bc [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 13:20:31.0066 0x46bc Sidebar - ok 13:20:31.0082 0x46bc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 13:20:31.0113 0x46bc mctadmin - ok 13:20:31.0129 0x46bc LiveSupport - ok 13:20:31.0207 0x46bc [ 48C3EBD6D5E52AFCB1A0FA9B7F9802FA, 
4F2E27AA8305FFC94F65C65C5FDB8462C92ED02A7B37627404382C3CAB65AC59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 13:20:31.0222 0x46bc iCloudServices - ok 13:20:31.0254 0x46bc [ 799BCC829F48F19C5689478179060435, 495C6E363982F7BE1785A46C12ED4AC99E0AF98F340F1CE3C55D39EBE6FE33AA ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 13:20:31.0269 0x46bc ApplePhotoStreams - ok 13:20:31.0300 0x46bc FlashPlayerUpdate - ok 13:20:31.0300 0x46bc Waiting for KSN requests completion. In queue: 138 13:20:32.0314 0x46bc Waiting for KSN requests completion. In queue: 138 13:20:33.0328 0x46bc Waiting for KSN requests completion. In queue: 138 13:20:34.0374 0x46bc AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated ) 13:20:34.0389 0x46bc Win FW state via NFP2: disabled 13:20:37.0119 0x46bc ============================================================ 13:20:37.0119 0x46bc Scan finished 13:20:37.0119 0x46bc ============================================================ 13:20:37.0135 0x39dc Detected object count: 2 13:20:37.0135 0x39dc Actual detected object count: 2 13:20:54.0077 0x39dc Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user 13:20:54.0077 0x39dc Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:20:54.0077 0x39dc Service KMSELDI ( UnsignedFile.Multi.Generic ) - skipped by user 13:20:54.0077 0x39dc Service KMSELDI ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:21:03.0126 0x4254 Deinitialize success |
02.02.2015, 17:48 | #5 |
/// the machine /// TB trainer | Ads or music in the background - even with the browser closed
Always keep Avira off, but leave the Internet connected. Scan with Combofix
__________________
Regards, schrauber |
02.02.2015, 22:38 | #6 |
| Ads or music in the background - even with the browser closed
Combofix.txt:
Code:
ComboFix 15-02-02.01 - Dirk 02.02.2015 21:55:43.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4093.2399 [GMT 1:00]
ausgeführt von:: c:\users\Dirk\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dirk\AppData\Local\Adobe\gccheck.exe
c:\users\Dirk\AppData\Local\Adobe\gtbcheck.exe
c:\users\Dirk\AppData\Local\Microsoft\Windows\Temporary Internet Files\RightSurf_iels
c:\users\Dirk\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\security\Database\tmp.edb
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Service KMSELDI
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-01-02 bis 2015-02-02 ))))))))))))))))))))))))))))))
.
.
2015-02-02 21:06 . 2015-02-02 21:06 -------- d-----w- c:\program files\WajaWebEnhancer
2015-02-02 11:30 . 2015-02-02 11:30 -------- d-----w- c:\programdata\Malwarebytes
2015-02-02 11:30 . 2015-02-02 12:06 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-02 11:30 . 2015-02-02 11:30 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-02 11:27 . 2015-02-02 11:28 97496 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-02 11:12 . 2015-02-02 11:12 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-02-01 18:44 . 2015-02-01 18:47 -------- d-----w- C:\FRST
2015-02-01 18:41 . 2015-02-02 11:01 -------- d-----w- C:\Problem-Software
2015-01-31 14:52 . 2015-01-31 14:52 -------- d-----w- c:\programdata\Licenses
2015-01-31 14:47 . 2015-01-31 14:47 -------- d-----w- c:\users\Dirk\AppData\Roaming\Simply Super Software
2015-01-31 14:47 . 2015-01-31 14:47 -------- d-----w- c:\program files (x86)\Trojan Remover
2015-01-31 14:47 . 2015-01-31 14:47 -------- d-----w- c:\programdata\Simply Super Software
2015-01-26 08:30 . 2015-01-26 08:31 -------- d-----w- c:\users\Dirk\AppData\Local\Google
2015-01-26 08:30 . 2015-01-26 08:31 -------- d-----w- c:\program files (x86)\Google
2015-01-26 08:30 . 2015-01-26 08:30 880784 ----a-w- c:\program files\ChromeSetup.exe
2015-01-15 07:32 . 2015-01-15 15:06 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-01-12 19:18 . 2015-01-12 19:18 -------- d-----w- c:\windows\Sun
2015-01-05 13:08 . 2015-01-05 13:08 -------- d-----w- c:\users\Dirk\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 21:23 . 2014-01-31 19:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 21:23 . 2014-01-31 19:21 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 16:24 . 2014-01-30 21:28 113365784 ----a-w- c:\windows\system32\MRT.exe
2014-12-13 05:09 . 2014-12-18 06:13 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 06:13 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 07:15 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 07:15 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 07:15 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 07:15 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 07:15 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 07:15 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 07:15 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 07:15 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 07:15 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 07:15 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 07:15 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 07:15 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 07:15 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 07:15 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 07:15 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 07:15 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 07:15 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 07:15 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 07:15 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 07:15 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 07:15 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 07:15 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 07:15 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 07:15 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 07:15 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 07:15 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 07:15 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 07:15 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 07:15 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 07:15 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 07:15 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 07:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 07:15 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 07:15 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 07:15 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 07:15 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 07:15 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 07:15 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 07:15 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 07:15 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 07:15 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 07:15 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 07:15 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 07:15 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 07:15 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 07:15 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 07:15 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 07:15 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-18 19:47 . 2014-11-18 19:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-11 07:15 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 08:45 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 08:45 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 07:15 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 08:45 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 08:45 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 07:15 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-11 07:14 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-11 07:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19 1729744 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-02-11 2239376]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-12 186408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-11-20 126200]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2014-10-16 1791856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update RightSurf;Update RightSurf;c:\program files (x86)\RightSurf\updateRightSurf.exe;c:\program files (x86)\RightSurf\updateRightSurf.exe [x]
R2 Util RightSurf;Util RightSurf;c:\program files (x86)\RightSurf\bin\utilRightSurf.exe;c:\program files (x86)\RightSurf\bin\utilRightSurf.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3
huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir 
Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 Internet Enhancer Service;Internet Enhancer Service;c:\program files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe;c:\program files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancerService.exe [x] S2 Wajam Web Enhancer;Wajam Web Enhancer;c:\program files\WajaWebEnhancer\wajam_64.exe;c:\program files\WajaWebEnhancer\wajam_64.exe [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-01-27 06:58 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-31 21:23] . 2015-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26 08:30] . 
2015-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-26 08:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-02-11 02:21 644464 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 164760 ----a-w- c:\users\Dirk\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.autosport.at/ mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391763618&from=smt&uid=ST500LT012-1DG142_S3P1KVBGXXXXS3P1KVBG&q={searchTerms} mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391763618&from=smt&uid=ST500LT012-1DG142_S3P1KVBGXXXXS3P1KVBG&q={searchTerms} uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49201;https=127.0.0.1:49201 IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{C03FF709-A07B-4859-8911-F71D0D84E441}: NameServer = 213.162.69.170 213.162.69.2 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - 
c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\ FF - prefs.js: browser.search.selectedEngine - Trovi search FF - prefs.js: browser.startup.homepage - hxxp://www.autosport.at/ FF - prefs.js: network.proxy.type - 5 FF - user.js: extensions.irspeeddial.aflt - fxtb103 FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 178945102 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtByDyDyCtAzyyByByBtD0F0E0A0FtN0D0Tzu0CyByBtBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu1G2Z1S FF - user.js: network.http.spdy.enabled - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Wajam Web Enhancer - c:\program files\WajaWebEnhancer\WWE_uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_296.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programdata\Internet Manager\OnlineUpdate\ouc.exe c:\programdata\Internet Manager\OnlineUpdate\LiveUpd.exe c:\program files (x86)\WaInterEnhance\WaInterEnhance Internet Enhancer\InternetEnhancer.exe c:\program files\WajaWebEnhancer\wajam.exe c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe c:\program files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe c:\program files (x86)\Java\jre7\bin\jp2launcher.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-02-02 22:15:16 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-02-02 21:15 . Vor Suchlauf: 14 Verzeichnis(se), 137.555.677.184 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 137.835.102.208 Bytes frei . - - End Of File - - B7659CC9BE504444E7D1CAEE2BAF357F A36C5E4F47E84449FF07ED3517B43A31 |
03.02.2015, 11:49 | #7 |
/// the machine /// TB-Ausbilder | Advertising or music in the background - even with the browser closed Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.02.2015, 13:09 | #8 |
| Advertising or music in the background - even with the browser closed Here is the mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 03.02.2015 Scan Time: 11:58:57 Logfile: mbam.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.03.03 Rootkit Database: v2015.01.14.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Dirk Scan Type: Threat Scan Result: Completed Objects Scanned: 352816 Time Elapsed: 18 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) AdwCleaner: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 12:49:59 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-02-02.1 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Dirk - DIRK-PC # Gestartet von : C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : Util RightSurf ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro Ordner Gelöscht : C:\Program Files (x86)\pc speed up Ordner Gelöscht : C:\Program Files (x86)\SimilarSites Ordner Gelöscht : C:\Users\Dirk\AppData\Local\FileTypeAssistant Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\1H1Q Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\FoxTab Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\LiveSupport.exe_log.txt Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\regsvr32.exe_log.txt Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKCU\Software\Bitberry Software Schlüssel Gelöscht : HKCU\Software\Bitberry Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\LowRegistry\DOMStorage\st.chatango.com Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v35.0.1 (x86 en-US) [7qzxmebu.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search"); -\\ Google Chrome v40.0.2214.93 -\\ Comodo Dragon v31.1.2.0 ************************* AdwCleaner[R0].txt - [3040 octets] - [03/02/2015 12:36:10] AdwCleaner[R1].txt - [3100 octets] - [03/02/2015 12:44:32] AdwCleaner[S0].txt - [2714 octets] - [03/02/2015 12:49:59] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2774 octets] ########## JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Professional x64 Ran by Dirk on 03.02.2015 at 12:55:58,41 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update rightsurf Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util rightsurf ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\7qzxmebu.default\minidumps [183 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 03.02.2015 at 13:02:46,23 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Dirk (administrator) on DIRK-PC on 03-02-2015 13:05:33 Running from C:\Users\Dirk\Desktop Loaded Profiles: Dirk (Available profiles: Dirk) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = - Autosport.at - Motorsport Bild- und Nachrichtenagentur URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C03FF709-A07B-4859-8911-F71D0D84E441}: [NameServer] 213.162.69.170 213.162.69.2 FireFox: ======== FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default FF Homepage: hxxp://www.autosport.at/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: 
@Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Firebug - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-01] FF Extension: Deutsch (DE) Language Pack - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-16] FF Extension: PageRank - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\PageRank@addonfactory.in.xpi [2014-02-01] Chrome: ======= CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26] CHR Extension: (Google Docs) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26] CHR Extension: (Google Drive) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26] CHR Extension: (YouTube) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26] CHR Extension: (Google-Suche) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26] CHR Extension: (Google Tabellen) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26] CHR Extension: (Google Wallet) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26] CHR Extension: (Google Mail) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26] ==================== Services (Whitelisted) ================= 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-07] () R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed] R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. 
KG) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 13:05 - 2015-02-03 13:05 - 00017168 _____ () C:\Users\Dirk\Desktop\FRST.txt 2015-02-03 13:02 - 2015-02-03 13:02 - 00001014 _____ () C:\Users\Dirk\Desktop\JRT.txt 2015-02-03 12:54 - 2015-02-03 12:54 - 00002854 _____ () C:\Users\Dirk\Desktop\AdwCleaner[S0].txt 2015-02-03 12:36 - 2015-02-03 12:50 - 00000000 ____D () C:\AdwCleaner 2015-02-03 12:21 - 2015-02-03 12:21 - 00001055 _____ () C:\Users\Dirk\Desktop\mbam.txt 2015-02-03 11:58 - 2015-02-03 11:58 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-03 11:58 - 2015-02-03 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-03 11:58 - 2015-02-03 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-03 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-03 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-03 11:55 - 2015-02-03 11:55 - 02194432 _____ () C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe 2015-02-03 11:55 - 2015-02-03 11:55 - 01388274 _____ (Thisisu) C:\Users\Dirk\Desktop\JRT.exe 2015-02-02 22:15 - 2015-02-02 22:15 - 00029062 _____ () C:\ComboFix.txt 2015-02-02 21:24 - 2015-02-02 22:15 - 00000000 ____D () C:\Qoobox 2015-02-02 21:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-02 21:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 
2015-02-02 21:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-02 21:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-02 21:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-02 21:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-02 21:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-02 21:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-02 21:23 - 2015-02-02 22:12 - 00000000 ____D () C:\Windows\erdnt 2015-02-02 21:16 - 2015-02-02 21:16 - 05611380 ____R (Swearware) C:\Users\Dirk\Desktop\ComboFix.exe 2015-02-02 12:30 - 2015-02-03 12:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-02 12:30 - 2015-02-03 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-02 12:30 - 2015-02-03 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-02 12:28 - 2015-02-02 12:28 - 00000000 ____D () C:\Users\Dirk\Desktop\mbar-1.08.3.1004 2015-02-02 12:27 - 2015-02-02 12:27 - 00000000 ____D () C:\Users\Dirk\Desktop\mbar 2015-02-02 12:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-02 12:13 - 2015-02-02 12:13 - 00001238 _____ () C:\Users\Dirk\Desktop\Revo Uninstaller.lnk 2015-02-02 12:12 - 2015-02-02 12:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-02-02 12:07 - 2015-02-02 13:13 - 00188656 _____ () C:\Users\Dirk\Desktop\Werbung bzw. Musik im Hintergrund - auch bei geschlossenem Browser - Trojaner-Board.htm 2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Dirk\Desktop\Werbung bzw. 
Musik im Hintergrund - auch bei geschlossenem Browser - Trojaner-Board_files 2015-02-02 12:03 - 2015-02-02 12:03 - 00001982 _____ () C:\Users\Dirk\Desktop\schritt-2-troja.txt 2015-02-02 12:02 - 2015-02-02 12:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Dirk\Desktop\tdsskiller.exe 2015-02-02 12:02 - 2015-02-02 12:02 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Dirk\Desktop\mbar-1.08.3.1004.exe 2015-02-02 10:23 - 2015-02-02 10:23 - 00004562 _____ () C:\Users\Dirk\Desktop\gmer.log 2015-02-01 19:56 - 2015-02-01 19:56 - 00000086 _____ () C:\Users\Dirk\Desktop\trojaboard.txt 2015-02-01 19:46 - 2015-02-01 19:47 - 00026073 _____ () C:\Users\Dirk\Desktop\Addition.txt 2015-02-01 19:44 - 2015-02-03 13:05 - 00000000 ____D () C:\FRST 2015-02-01 19:44 - 2015-02-01 19:44 - 02131456 _____ (Farbar) C:\Users\Dirk\Desktop\FRST64.exe 2015-02-01 19:42 - 2015-02-01 19:42 - 00000470 _____ () C:\Users\Dirk\Desktop\defogger_disable.log 2015-02-01 19:42 - 2015-02-01 19:42 - 00000000 _____ () C:\Users\Dirk\defogger_reenable 2015-02-01 19:41 - 2015-02-03 11:54 - 00000000 ____D () C:\Problem-Software 2015-02-01 19:41 - 2015-02-01 19:41 - 00050477 _____ () C:\Users\Dirk\Desktop\Defogger.exe 2015-01-31 15:52 - 2015-02-02 22:00 - 00000000 ____D () C:\ProgramData\TEMP 2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Licenses 2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Users\Dirk\Documents\Simply Super Software 2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Simply Super Software 2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\ProgramData\Simply Super Software 2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover 2015-01-31 15:46 - 2015-01-31 15:46 - 31390952 _____ (Simply Super Software ) C:\Users\Dirk\Downloads\trjsetup691.exe 2015-01-27 08:09 - 
2015-01-27 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 09:31 - 2015-01-26 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-26 09:30 - 2015-02-03 12:53 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-26 09:30 - 2015-02-03 12:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-26 09:30 - 2015-01-26 09:31 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Google 2015-01-26 09:30 - 2015-01-26 09:31 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-26 09:30 - 2015-01-26 09:30 - 00880784 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe 2015-01-26 09:30 - 2015-01-26 09:30 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-26 09:30 - 2015-01-26 09:30 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-17 13:13 - 2015-01-17 13:14 - 06381120 _____ (Tim Kosse) C:\Users\Dirk\Downloads\FileZilla_3.10.0.2_win32-setup.exe 2015-01-15 08:32 - 2015-01-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-14 07:38 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 07:38 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 07:38 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 07:38 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 07:38 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 07:38 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 07:38 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 07:38 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 07:38 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 07:38 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 07:38 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 07:38 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 07:38 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-13 08:52 - 2015-01-13 08:52 - 00000971 _____ () C:\Users\Dirk\Desktop\Zahlungen - Verknüpfung.lnk 2015-01-12 20:18 - 2015-01-12 20:18 - 00000000 ____D () C:\Windows\Sun ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 13:06 - 2014-02-12 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-03 12:59 - 2009-07-14 05:45 - 00036752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-03 12:59 - 2009-07-14 05:45 - 00036752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-03 12:57 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat 2015-02-03 12:57 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat 2015-02-03 12:57 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-03 12:55 - 2014-11-10 08:36 - 00001107 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-02-03 12:55 - 2014-01-31 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-03 12:55 - 2014-01-31 17:01 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-03 12:54 - 2014-01-31 18:11 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-02-03 12:54 - 2014-01-30 21:53 - 
01063066 _____ () C:\Windows\WindowsUpdate.log 2015-02-03 12:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-03 12:50 - 2010-11-21 04:47 - 00174704 _____ () C:\Windows\PFRO.log 2015-02-03 12:50 - 2009-07-14 05:51 - 00084635 _____ () C:\Windows\setupact.log 2015-02-03 12:22 - 2014-02-06 15:45 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-02-03 11:26 - 2014-01-31 20:58 - 00000000 ____D () C:\Program Files (x86)\RenWiz 2015-02-02 22:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-02 22:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-02 22:05 - 2014-01-31 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-02 22:04 - 2009-07-14 03:34 - 71565312 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-02-02 22:04 - 2009-07-14 03:34 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-02-02 22:04 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-02-02 22:04 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-02-02 22:04 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-02-02 22:02 - 2014-01-31 17:18 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe 2015-02-01 19:42 - 2014-01-30 21:59 - 00000000 ____D () C:\Users\Dirk 2015-02-01 12:38 - 2014-02-06 13:14 - 00000600 _____ () C:\Users\Dirk\AppData\Roaming\winscp.rnd 2015-02-01 11:40 - 2014-01-31 19:51 - 00001456 _____ () C:\Users\Dirk\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-01-25 22:23 - 2014-02-12 09:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 22:23 - 2014-01-31 20:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 22:23 - 2014-01-31 20:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 14:25 - 2014-01-31 20:44 - 00000000 ____D () C:\Program Files 
(x86)\FileZilla FTP Client 2015-01-17 18:09 - 2014-02-09 14:21 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\FileZilla 2015-01-17 13:14 - 2014-01-31 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-01-14 17:29 - 2014-01-30 22:28 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 17:24 - 2014-01-30 22:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-05 14:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2015-01-26 09:30 - 2015-01-26 09:30 - 0880784 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe 2014-09-18 09:01 - 2014-09-18 09:01 - 0000132 _____ () C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS6 Prefs 2014-11-09 10:57 - 2014-12-21 19:03 - 0000132 _____ () C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS6 Prefs 2014-02-10 20:16 - 2014-07-19 04:52 - 0000138 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG 2014-02-06 13:14 - 2015-02-01 12:38 - 0000600 _____ () C:\Users\Dirk\AppData\Roaming\winscp.rnd 2014-01-31 19:51 - 2015-02-01 11:40 - 0001456 _____ () C:\Users\Dirk\AppData\Local\Adobe Save for Web 13.0 Prefs Some content of TEMP: ==================== C:\Users\Dirk\AppData\Local\Temp\avgnt.exe C:\Users\Dirk\AppData\Local\Temp\Quarantine.exe C:\Users\Dirk\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 22:32 ==================== End Of Log ============================ |
03.02.2015, 19:05 | #9 |
/// the machine /// TB Trainer | Ads or music in the background - even with the browser closed
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.02.2015, 20:56 | #10 |
| Ads or music in the background - even with the browser closed
ESET finished after almost 23 hours: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1e8e3b351ca7f44fbe5e43d970204214
# engine=22293
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-04 07:41:52
# local_time=2015-02-04 08:41:52 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 99865 35726937 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 31885738 174708762 0 0
# scanned=1895865
# found=0
# cleaned=0
# scan_time=81402
Security-Check took only one second: Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Dirk (administrator) on DIRK-PC on 04-02-2015 20:53:38 Running from C:\Users\Dirk\Desktop Loaded Profiles: Dirk (Available profiles: Dirk) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2636347820-3807825714-3230885982-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.autosport.at/
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C03FF709-A07B-4859-8911-F71D0D84E441}: [NameServer] 213.162.69.170 213.162.69.2

FireFox:
========
FF ProfilePath: C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default
FF Homepage: hxxp://www.autosport.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firebug - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\firebug@software.joehewitt.com.xpi [2014-02-01]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-16]
FF Extension: PageRank - C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\7qzxmebu.default\Extensions\PageRank@addonfactory.in.xpi [2014-02-01]

Chrome:
=======
CHR Profile: C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-26]
CHR Extension: (Google Docs) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-26]
CHR Extension: (Google Drive) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-26]
CHR Extension: (YouTube) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Google-Suche) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Google Tabellen) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-26]
CHR Extension: (Google Wallet) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-26]
CHR Extension: (Google Mail) - C:\Users\Dirk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-07] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 20:53 - 2015-02-04 20:53 - 00000000 ____D () C:\Users\Dirk\Desktop\FRST-OlderVersion
2015-02-04 20:52 - 2015-02-04 20:52 - 00000041 _____ () C:\Users\Dirk\Desktop\checkup.txt
2015-02-03 20:02 - 2015-02-03 20:02 - 00852573 _____ () C:\Users\Dirk\Desktop\SecurityCheck.exe
2015-02-03 13:05 - 2015-02-04 20:53 - 00016828 _____ () C:\Users\Dirk\Desktop\FRST.txt
2015-02-03 13:02 - 2015-02-03 13:02 - 00001014 _____ () C:\Users\Dirk\Desktop\JRT.txt
2015-02-03 12:54 - 2015-02-03 12:54 - 00002854 _____ () C:\Users\Dirk\Desktop\AdwCleaner[S0].txt
2015-02-03 12:36 - 2015-02-03 12:50 - 00000000 ____D () C:\AdwCleaner
2015-02-03 12:21 - 2015-02-03 12:21 - 00001055 _____ () C:\Users\Dirk\Desktop\mbam.txt
2015-02-03 11:58 - 2015-02-03 11:58 - 00001076 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-03 11:58 - 2015-02-03 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-03 11:58 - 2015-02-03 11:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-03 11:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-03 11:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-03 11:55 - 2015-02-03 11:55 - 02194432 _____ () C:\Users\Dirk\Desktop\AdwCleaner_4.109.exe
2015-02-03 11:55 - 2015-02-03 11:55 - 01388274 _____ (Thisisu) C:\Users\Dirk\Desktop\JRT.exe
2015-02-02 22:15 - 2015-02-02 22:15 - 00029062 _____ () C:\ComboFix.txt
2015-02-02 21:24 - 2015-02-02 22:15 - 00000000 ____D () C:\Qoobox
2015-02-02 21:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-02 21:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-02 21:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-02 21:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-02 21:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-02 21:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-02 21:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-02 21:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-02 21:23 - 2015-02-02 22:12 - 00000000 ____D () C:\Windows\erdnt
2015-02-02 21:16 - 2015-02-02 21:16 - 05611380 ____R (Swearware) C:\Users\Dirk\Desktop\ComboFix.exe
2015-02-02 12:30 - 2015-02-03 12:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-02 12:30 - 2015-02-03 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 12:30 - 2015-02-03 11:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-02 12:28 - 2015-02-02 12:28 - 00000000 ____D () C:\Users\Dirk\Desktop\mbar-1.08.3.1004
2015-02-02 12:27 - 2015-02-02 12:27 - 00000000 ____D () C:\Users\Dirk\Desktop\mbar
2015-02-02 12:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-02 12:13 - 2015-02-02 12:13 - 00001238 _____ () C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
2015-02-02 12:12 - 2015-02-02 12:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-02 12:07 - 2015-02-02 13:13 - 00188656 _____ () C:\Users\Dirk\Desktop\Werbung bzw. Musik im Hintergrund - auch bei geschlossenem Browser - Trojaner-Board.htm
2015-02-02 12:07 - 2015-02-02 12:07 - 00000000 ____D () C:\Users\Dirk\Desktop\Werbung bzw. Musik im Hintergrund - auch bei geschlossenem Browser - Trojaner-Board_files
2015-02-02 12:03 - 2015-02-02 12:03 - 00001982 _____ () C:\Users\Dirk\Desktop\schritt-2-troja.txt
2015-02-02 12:02 - 2015-02-02 12:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Dirk\Desktop\tdsskiller.exe
2015-02-02 12:02 - 2015-02-02 12:02 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Dirk\Desktop\mbar-1.08.3.1004.exe
2015-02-02 10:23 - 2015-02-02 10:23 - 00004562 _____ () C:\Users\Dirk\Desktop\gmer.log
2015-02-01 19:56 - 2015-02-01 19:56 - 00000086 _____ () C:\Users\Dirk\Desktop\trojaboard.txt
2015-02-01 19:46 - 2015-02-01 19:47 - 00026073 _____ () C:\Users\Dirk\Desktop\Addition.txt
2015-02-01 19:44 - 2015-02-04 20:53 - 02131968 _____ (Farbar) C:\Users\Dirk\Desktop\FRST64.exe
2015-02-01 19:44 - 2015-02-04 20:53 - 00000000 ____D () C:\FRST
2015-02-01 19:42 - 2015-02-01 19:42 - 00000470 _____ () C:\Users\Dirk\Desktop\defogger_disable.log
2015-02-01 19:42 - 2015-02-01 19:42 - 00000000 _____ () C:\Users\Dirk\defogger_reenable
2015-02-01 19:41 - 2015-02-03 20:02 - 00000000 ____D () C:\Problem-Software
2015-02-01 19:41 - 2015-02-01 19:41 - 00050477 _____ () C:\Users\Dirk\Desktop\Defogger.exe
2015-01-31 15:52 - 2015-02-02 22:00 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-31 15:52 - 2015-01-31 15:52 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Users\Dirk\Documents\Simply Super Software
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\Simply Super Software
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-31 15:47 - 2015-01-31 15:47 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-31 15:46 - 2015-01-31 15:46 - 31390952 _____ (Simply Super Software ) C:\Users\Dirk\Downloads\trjsetup691.exe
2015-01-27 08:09 - 2015-01-27 08:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 09:31 - 2015-01-26 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 09:30 - 2015-02-04 20:35 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 09:30 - 2015-02-04 09:35 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 09:30 - 2015-01-26 09:31 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Google
2015-01-26 09:30 - 2015-01-26 09:31 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 09:30 - 2015-01-26 09:30 - 00880784 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2015-01-26 09:30 - 2015-01-26 09:30 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 09:30 - 2015-01-26 09:30 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-17 13:13 - 2015-01-17 13:14 - 06381120 _____ (Tim Kosse) C:\Users\Dirk\Downloads\FileZilla_3.10.0.2_win32-setup.exe
2015-01-15 08:32 - 2015-01-15 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 07:38 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:38 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:38 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:38 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:38 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:38 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:38 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:38 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:38 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:38 - 2014-12-11 18:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:38 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:38 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:38 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 08:52 - 2015-01-13 08:52 - 00000971 _____ () C:\Users\Dirk\Desktop\Zahlungen - Verknüpfung.lnk
2015-01-12 20:18 - 2015-01-12 20:18 - 00000000 ____D () C:\Windows\Sun

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 20:06 - 2014-02-12 09:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 17:34 - 2009-07-14 05:45 - 00036752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 17:34 - 2009-07-14 05:45 - 00036752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 22:08 - 2014-01-30 21:53 - 01215027 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 21:59 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2015-02-03 21:59 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2015-02-03 21:59 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-03 16:56 - 2014-02-06 13:14 - 00000600 _____ () C:\Users\Dirk\AppData\Roaming\winscp.rnd
2015-02-03 14:03 - 2014-01-31 19:51 - 00001456 _____ () C:\Users\Dirk\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-02-03 12:55 - 2014-11-10 08:36 - 00001107 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-02-03 12:55 - 2014-01-31 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-03 12:55 - 2014-01-31 17:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-03 12:54 - 2014-01-31 18:11 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-03 12:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 12:50 - 2010-11-21 04:47 - 00174704 _____ () C:\Windows\PFRO.log
2015-02-03 12:50 - 2009-07-14 05:51 - 00084635 _____ () C:\Windows\setupact.log
2015-02-03 12:24 - 2014-02-06 15:45 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-03 11:26 - 2014-01-31 20:58 - 00000000 ____D () C:\Program Files (x86)\RenWiz
2015-02-02 22:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-02 22:09 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-02 22:05 - 2014-01-31 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 22:04 - 2009-07-14 03:34 - 71565312 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-02 22:04 - 2009-07-14 03:34 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-02 22:04 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-02 22:04 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-02 22:04 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-02 22:02 - 2014-01-31 17:18 - 00000000 ____D () C:\Users\Dirk\AppData\Local\Adobe
2015-02-01 19:42 - 2014-01-30 21:59 - 00000000 ____D () C:\Users\Dirk
2015-01-25 22:23 - 2014-02-12 09:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 22:23 - 2014-01-31 20:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 22:23 - 2014-01-31 20:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 14:25 - 2014-01-31 20:44 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2015-01-17 18:09 - 2014-02-09 14:21 - 00000000 ____D () C:\Users\Dirk\AppData\Roaming\FileZilla
2015-01-17 13:14 - 2014-01-31 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-14 17:29 - 2014-01-30 22:28 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:24 - 2014-01-30 22:28 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-05 14:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-01-26 09:30 - 2015-01-26 09:30 - 0880784 _____ (Google Inc.) C:\Program Files\ChromeSetup.exe
2014-09-18 09:01 - 2014-09-18 09:01 - 0000132 _____ () C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-11-09 10:57 - 2014-12-21 19:03 - 0000132 _____ () C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-02-10 20:16 - 2014-07-19 04:52 - 0000138 _____ () C:\Users\Dirk\AppData\Roaming\WB.CFG
2014-02-06 13:14 - 2015-02-03 16:56 - 0000600 _____ () C:\Users\Dirk\AppData\Roaming\winscp.rnd
2014-01-31 19:51 - 2015-02-03 14:03 - 0001456 _____ () C:\Users\Dirk\AppData\Local\Adobe Save for Web 13.0 Prefs

Some content of TEMP:
====================
C:\Users\Dirk\AppData\Local\Temp\avgnt.exe
C:\Users\Dirk\AppData\Local\Temp\Quarantine.exe
C:\Users\Dirk\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-02 22:32

==================== End Of Log ============================

--- I have not had to put up with ads or music since yesterday. A big thank-you in advance! |
05.02.2015, 08:22 | #11 |
/// the machine /// TB trainer | Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.02.2015, 10:30 | #12 |
| Thank you very much for your help! A donation will go out by bank transfer today. |
05.02.2015, 13:05 | #13 |
/// the machine /// TB trainer | You're welcome |