
Pests of all kinds and how to combat them: Warning message from Telecom, threat from Trojan


04.02.2015, 20:21   #1
Steve71037
 
Warning message from Telecom, threat from Trojan



Hello community, a few days ago I received a letter from Telecom with a security warning about a Trojan infection. I then started my antivirus program (SpyBot full version) and promptly found 4 threats and put them in quarantine. All OK so far. Today I got a message from the antivirus program: Trojan.GenericKD.21331 infection. I started a scan again and nothing came up.

Here are the log files; Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:36 on 31/01/2015 (R)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by R (administrator) on R-PC on 31-01-2015 07:45:12
Running from C:\Users\R\Desktop\Trojaner
Loaded Profiles: R (Available profiles: R)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mobsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\recover.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\expand.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\subst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [plenty-row] => C:\Users\R\AppData\Roaming\Plentyreact\plenty-shift.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [zhlzhwhw] => C:\Users\R\AppData\Roaming\Ykcwbkgryi\kltmhwhw.exe [147968 2015-01-29] (IvoSoft)
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [lesson-guide] => C:\Users\R\AppData\Roaming\Lessonquestion\lesson_would.exe [78848 2015-01-30] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [box-scratch] => C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe [141824 2015-01-29] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [tooth-reflect] => C:\Users\R\AppData\Local\Tooth-upset\tooth_station.exe [182784 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [grade-collect] => C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [string-iron] => C:\Users\R\AppData\Roaming\String_discount\string-dimension.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [string-iron] => C:\Users\R\AppData\Roaming\String_discount\string-dimension.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [box-scratch] => C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe [141824 2015-01-29] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [grade-collect] => C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [tooth-reflect] => C:\Users\R\AppData\Local\Tooth-upset\tooth_station.exe [182784 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [lesson-guide] => C:\Users\R\AppData\Roaming\Lessonquestion\lesson_would.exe [78848 2015-01-30] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [plenty-row] => C:\Users\R\AppData\Roaming\Plentyreact\plenty-shift.exe [78336 2015-01-29] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {1b8db0e6-06c9-11e2-949f-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {1b8db0ee-06c9-11e2-949f-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {353b29e5-c696-11e2-8f98-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {8c5b3165-d3ee-11e2-bca9-70f1a1ff571b} - E:\AutoRun.exe
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\MountPoints2: {8cb19d51-085c-11e2-9f45-806e6f6e6963} - F:\AutoRun.exe
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1667074292-2624200287-3336342126-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1667074292-2624200287-3336342126-1000] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1667074292-2624200287-3336342126-1000 -> {3384522D-3201-4969-9DEC-57B0BA01B6A6} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12]
FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-05]
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\extensions\cliqz@cliqz.com

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-19] (SolidWorks) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech                  )
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-08] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-27] (Emsisoft GmbH)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-08] () [File not signed]
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S2 VmodeNT; C:\Windows\SysWow64\Drivers\VmodeNT.sys [2528 1998-01-21] (k&k)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 07:44 - 2015-01-31 07:44 - 00033458 _____ () C:\Users\R\Desktop\Addition.txt (2).txt
2015-01-31 07:43 - 2015-01-31 07:43 - 00026073 _____ () C:\Users\R\Desktop\FRST.txt
2015-01-31 07:42 - 2015-01-31 07:42 - 00033459 _____ () C:\Users\R\Desktop\Addition.txt
2015-01-31 07:40 - 2015-01-31 07:45 - 00000000 ____D () C:\FRST
2015-01-31 07:35 - 2015-01-31 07:35 - 00000000 _____ () C:\Users\R\defogger_reenable
2015-01-31 07:31 - 2015-01-31 07:45 - 00000000 ____D () C:\Users\R\Desktop\Trojaner
2015-01-30 19:26 - 2015-01-30 19:26 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Lessonquestion
2015-01-29 23:50 - 2015-01-29 23:50 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Body-surprised
2015-01-29 23:48 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Ykcwbkgryi
2015-01-29 22:46 - 2015-01-29 22:46 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Plentyreact
2015-01-29 22:26 - 2015-01-29 22:26 - 00000000 ___HD () C:\Users\R\AppData\Local\Grade-compare
2015-01-29 05:39 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Local\Ipvqn
2015-01-29 00:49 - 2015-01-29 00:49 - 00000000 ___HD () C:\Users\R\AppData\Local\Tooth-upset
2015-01-29 00:41 - 2015-01-29 00:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\String_discount
2015-01-27 08:18 - 2015-01-27 08:18 - 00000017 _____ () C:\Windows\㨀尀ؚ
2015-01-27 08:17 - 2015-01-27 08:17 - 00000030 _____ () C:\Windows\㨀尀̞
2015-01-26 20:56 - 2015-01-29 22:50 - 00000234 _____ () C:\Windows\[]
2015-01-26 20:50 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 20:29 - 2015-01-26 20:31 - 00000011 _____ () C:\Windows\㨀尀Í
2015-01-26 08:19 - 2015-01-27 08:17 - 00000035 _____ () C:\Windows\䉯䍊整䥅卋牖橒灦桴
2015-01-26 08:19 - 2015-01-27 08:17 - 00000031 _____ () C:\Windows\噓割晪瑰h氀牁桎
2015-01-26 08:19 - 2015-01-27 08:17 - 00000022 _____ () C:\Windows\䤀卋牖橒灦桴
2015-01-26 08:13 - 2015-01-26 08:13 - 00000017 _____ () C:\Windows\㨀尀ĕ
2015-01-25 19:18 - 2015-01-25 19:18 - 00000013 _____ () C:\Windows\㨀尀ت
2015-01-25 07:40 - 2015-01-25 07:40 - 00000017 _____ () C:\Windows\㨀尀ǹ
2015-01-25 07:39 - 2015-01-25 07:39 - 00000030 _____ () C:\Windows\㨀尀ԓ
2015-01-24 19:53 - 2015-01-24 19:53 - 00000011 _____ () C:\Windows\㨀尀Ó
2015-01-24 19:51 - 2015-01-24 19:52 - 00000011 _____ () C:\Windows\㨀尀Î
2015-01-24 14:05 - 2015-01-26 08:19 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Yjiaex
2015-01-24 13:56 - 2015-01-29 22:01 - 00000010 _____ () C:\Windows\礀䕳
2015-01-24 13:35 - 2015-01-24 13:35 - 00000013 _____ () C:\Windows\ÿÿ
2015-01-24 13:31 - 2015-01-24 13:31 - 00000015 _____ () C:\Windows\㨀尀IJ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀ͪ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀̮
2015-01-23 20:38 - 2015-01-23 20:38 - 00000015 _____ () C:\Windows\㨀尀Դ
2015-01-23 20:37 - 2015-01-26 08:12 - 00000082 _____ () C:\Windows\㨀尀̠
2015-01-23 19:35 - 2015-01-23 19:35 - 00000017 _____ () C:\Windows\㨀尀մ
2015-01-23 19:34 - 2015-01-23 19:34 - 00000017 _____ () C:\Windows\㨀尀֫
2015-01-23 19:33 - 2015-01-23 19:33 - 00000017 _____ () C:\Windows\㨀尀֢
2015-01-23 13:16 - 2015-01-28 15:53 - 00000000 ___HD () C:\Users\R\AppData\Local\Stringdig
2015-01-23 13:15 - 2015-01-23 13:16 - 00000030 _____ () C:\Windows\㨀尀˳
2015-01-21 21:42 - 2015-01-23 19:38 - 00000000 ____D () C:\Users\R\Desktop\Fotobuch 2
2015-01-17 19:29 - 2015-01-23 14:07 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Kvcnmxphf
2015-01-15 08:51 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 08:51 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 08:51 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 08:51 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 08:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-11 07:55 - 2015-01-30 19:26 - 00000000 ____D () C:\ProgramData\vowc
2015-01-07 20:47 - 2015-01-18 03:10 - 00000000 ___HD () C:\Users\R\AppData\Local\Body-cover

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 07:42 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 07:42 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 07:35 - 2011-04-22 08:33 - 00000000 ____D () C:\Users\R
2015-01-31 07:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-01-31 07:30 - 2010-10-18 13:42 - 01812254 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 22:12 - 2014-10-25 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 14:51 - 2014-12-13 21:46 - 00000000 ____D () C:\Users\R\Desktop\Nähen Christin
2015-01-30 08:44 - 2014-11-12 19:45 - 00000947 _____ () C:\Windows\win.ini
2015-01-30 08:44 - 2012-09-28 15:01 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-30 08:43 - 2014-10-25 12:52 - 00105808 _____ () C:\Windows\PFRO.log
2015-01-30 08:43 - 2014-10-25 10:09 - 00006901 _____ () C:\Windows\setupact.log
2015-01-30 08:43 - 2011-08-08 16:22 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-01-30 08:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-29 22:51 - 2011-09-10 08:27 - 00000000 ____D () C:\Users\R\AppData\Local\CrashDumps
2015-01-28 15:53 - 2014-11-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-01-28 15:28 - 2014-10-25 12:55 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-28 15:28 - 2014-10-25 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-28 15:28 - 2014-10-25 12:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-24 13:30 - 2013-08-27 14:23 - 00344064 ___SH () C:\Users\R\Desktop\Thumbs.db
2015-01-21 20:52 - 2012-12-15 16:58 - 00000000 ____D () C:\Users\R\Desktop\Christin
2015-01-18 03:10 - 2014-10-05 19:31 - 00119898 _____ () C:\Windows\SysWOW64\bddel.dat
2015-01-17 19:26 - 2014-10-30 14:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-17 19:26 - 2012-09-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-17 19:25 - 2014-10-30 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 08:59 - 2013-08-15 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:55 - 2011-08-12 21:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-06 04:36 - 2011-04-23 11:46 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-12-30 13:55 - 2014-12-30 13:55 - 0039936 _____ () C:\Users\R\AppData\Roaming\stowings.a
2014-01-14 19:26 - 2014-01-14 19:26 - 0000108 _____ () C:\Users\R\AppData\Roaming\WB.CFG
2014-01-14 19:26 - 2014-01-14 19:26 - 0000005 _____ () C:\Users\R\AppData\Roaming\WBPU-TTL.DAT
2011-08-03 09:32 - 2011-08-03 09:32 - 0007602 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2011-12-04 21:25 - 2011-12-12 07:10 - 0000040 ___SH () C:\ProgramData\.zreglib

Files to move or delete:
====================
C:\Users\R\AppData\Local\Temp\Box_let\boxadmire.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-28 18:30

==================== End Of Log ============================
         
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-31 08:22:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\R\AppData\Local\Temp\pxtdrpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\wininit.exe[516] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\services.exe[564] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\lsass.exe[600] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                   000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\lsass.exe[600] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                  000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\lsm.exe[608] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                     000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[784] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\atiesrxx.exe[840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\winlogon.exe[892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 0
.text   C:\Windows\System32\svchost.exe[936] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\System32\svchost.exe[936] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes JMP 69567a0
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes JMP 130021
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes JMP 8c234c9
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\System32\svchost.exe[980] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\system32\svchost.exe[384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[156] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                000007fefdef0c10 6 bytes JMP 42383500
.text   C:\Windows\system32\atieclxx.exe[1076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                               000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\svchost.exe[1120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\System32\spoolsv.exe[1372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                      0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                            0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                            000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\Dwm.exe[1484] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                    000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\system32\svchost.exe[1492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[1492] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                           0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                           0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                     0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                   00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1580] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                  0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                           0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                           0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                     0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                   00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1604] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                  0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                          0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                                0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\Explorer.EXE[1688] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                                000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                       0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                       000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                               000007fefcf49055 3 bytes [B5, 6F, 07]
.text   C:\Windows\system32\taskhost.exe[1732] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                              000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                    0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                          0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                          000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                  000007fefcf49055 3 bytes [B5, 6F, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1948] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                 000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                       0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessW                                                             0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\kernel32.dll!CreateProcessA                                                             000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe[1956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                     000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Bonjour\mDNSResponder.exe[1676] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                     000007fefcf49055 3 bytes CALL 9000027
.text   C:\Program Files\Bonjour\mDNSResponder.exe[1676] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                    000007fefdef0c10 6 bytes JMP 0
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                        0000000075b5103d 6 bytes JMP 71a6000a
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                        0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000075b7c9b5 6 bytes JMP 71a3000a
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                00000000760a2c9e 4 bytes CALL 71aa0000
.text   C:\Windows\SysWOW64\dllhost.exe[1720] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               0000000074e85429 6 bytes JMP 71a0000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                           0000000075b5103d 6 bytes JMP 71a6000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                           0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                     0000000075b7c9b5 6 bytes JMP 71a3000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                   00000000760a2c9e 4 bytes CALL 71aa0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                  0000000074e85429 6 bytes JMP 71a0000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                   0000000074cf1465 2 bytes [CF, 74]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[400] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                  0000000074cf14bb 2 bytes [CF, 74]
.text   ...                                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                   0000000075b5103d 6 bytes JMP 6f31000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                   0000000075b51072 6 bytes JMP 6f39000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                             0000000075b7c9b5 6 bytes JMP 6f2e000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                           00000000760a2c9e 4 bytes CALL 6f350000
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                          0000000074e85429 6 bytes JMP 6f2b000a
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           0000000074cf1465 2 bytes [CF, 74]
.text   C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe[1008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000074cf14bb 2 bytes [CF, 74]
.text   ...                                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                      0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                      0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                              00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Launch Manager\dsiwmis.exe[1344] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                             0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                        0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessW                                                              0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\kernel32.dll!CreateProcessA                                                              000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe[2080] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                      000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\svchost.exe[2156] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 9000027
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                         0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                         0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                   0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2224] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                         0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                         0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                   0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                 00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                 0000000074cf1465 2 bytes [CF, 74]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                0000000074cf14bb 2 bytes [CF, 74]
.text   ...                                                                                                                                                                                          * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                        0000000075b5103d 6 bytes JMP 71a7000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                        0000000075b51072 6 bytes JMP 71ae000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                  0000000075b7c9b5 6 bytes JMP 71a4000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                00000000760a2c9e 4 bytes CALL 71ab0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe[2584] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                               0000000074e85429 6 bytes JMP 71a1000a
.text   C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes CALL 0
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW                                                              0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessW                                                                    0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNEL32.dll!CreateProcessA                                                                    000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                   0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                   0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                             0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                           00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe[640] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                          0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessW           0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessA           0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW     0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493   00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe[1204] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW  0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessW           0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessA           0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW     0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493   00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe[2700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW  0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                        0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                        0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                  0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe[2764] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                               0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                    0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                    0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                              0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                            00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\eventcreate.exe[2888] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                           0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[2896] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                       0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                       0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                               00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\wiaacmgr.exe[2932] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                              0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                       0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                       0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                 0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                               00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\iexpress.exe[2832] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                              0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                        0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                        0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\replace.exe[2180] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[2520] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessAsUserW                                                              0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessW                                                                    0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNEL32.dll!CreateProcessA                                                                    000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                            000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\SearchIndexer.exe[3708] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                          000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                            0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                  0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                  000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\wbem\unsecapp.exe[3724] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                          000007fefcf49055 3 bytes CALL 9000027
.text   C:\Windows\System32\alg.exe[3784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                    000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\wbem\wmiprvse.exe[4056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                          000007fefcf49055 3 bytes CALL 9000027
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3744] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                               000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3744] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                              000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                      0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessW                                                            0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessA                                                            000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe[3524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                    000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\System32\svchost.exe[4476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\System32\svchost.exe[4476] C:\Windows\system32\ADVAPI32.dll!CreateProcessWithLogonW                                                                                               000007fefdef0c10 6 bytes {JMP QWORD [RIP+0x3ff420]}
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                                          0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                                          0000000075b51072 6 bytes JMP 71af000a
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                                    0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                                  00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Windows\SysWOW64\subst.exe[4696] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                                 0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[4712] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                  0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                        0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                        000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\system32\conhost.exe[4720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Windows\system32\sppsvc.exe[3920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes [B5, 6F, 06]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                         0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                         0000000075b51072 6 bytes JMP 71af000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                   0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                 00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2260] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                0000000074e85429 6 bytes JMP 71a2000a
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessAsUserW                                                                                                   0000000076fe98e0 6 bytes {JMP QWORD [RIP+0x9076750]}
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                                                         0000000077000650 6 bytes {JMP QWORD [RIP+0x903f9e0]}
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\kernel32.dll!CreateProcessA                                                                                                         000000007707acf0 6 bytes {JMP QWORD [RIP+0x8fa5340]}
.text   C:\Windows\System32\svchost.exe[976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                                                                 000007fefcf49055 3 bytes CALL 9000027
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessW                                                                                             0000000075b5103d 6 bytes JMP 71a8000a
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessA                                                                                             0000000075b51072 6 bytes JMP 71af000a
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW                                                                                       0000000075b7c9b5 6 bytes JMP 71a5000a
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                                                     00000000760a2c9e 4 bytes CALL 71ac0000
.text   C:\Users\R\Desktop\Trojaner\Gmer-19357.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessWithLogonW                                                                                    0000000074e85429 6 bytes JMP 71a2000a

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2104]                                                                                                                                                  000000007ef90000
Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2132]                                                                                                                                                  000000007ef9183d
Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2148]                                                                                                                                                  000000007ef96643
Thread  C:\Windows\SysWOW64\dllhost.exe [1720:2152]                                                                                                                                                  000000007ef955c8
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:1780]                                                                                                                                                 000000007ef97c32
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:2876]                                                                                                                                                 000000007ef97be4
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:3124]                                                                                                                                                 000000007ef991d3
Thread  C:\Windows\SysWOW64\wiaacmgr.exe [2932:3152]                                                                                                                                                 000000007ef9dc0c
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3096]                                                                                                                                                 000000007ef97c32
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3100]                                                                                                                                                 000000007ef97be4
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3128]                                                                                                                                                 000000007ef991d3
Thread  C:\Windows\SysWOW64\iexpress.exe [2832:3156]                                                                                                                                                 000000007ef9dc0c
Thread  C:\Windows\SysWOW64\replace.exe [2180:3168]                                                                                                                                                  000000007ef97c32
Thread  C:\Windows\SysWOW64\replace.exe [2180:3172]                                                                                                                                                  000000007ef97be4
Thread  C:\Windows\SysWOW64\replace.exe [2180:3208]                                                                                                                                                  000000007ef991d3
Thread  C:\Windows\SysWOW64\replace.exe [2180:3280]                                                                                                                                                  000000007ef9dc0c
Thread  C:\Windows\SysWOW64\subst.exe [4696:4748]                                                                                                                                                    000000007ef97c32
Thread  C:\Windows\SysWOW64\subst.exe [4696:4752]                                                                                                                                                    000000007ef97be4
Thread  C:\Windows\SysWOW64\subst.exe [4696:4768]                                                                                                                                                    000000007ef991d3
Thread  C:\Windows\SysWOW64\subst.exe [4696:4784]                                                                                                                                                    000000007ef9dc0c
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4756]                                                                                                                                                   000000007efc7c32
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4760]                                                                                                                                                   000000007efc7be4
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4772]                                                                                                                                                   000000007efc91d3
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4780]                                                                                                                                                   000000007efcdc0c
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4824]                                                                                                                                                   0000000077332e65
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4836]                                                                                                                                                   0000000077333e85
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:3504]                                                                                                                                                   0000000077333e85
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:5112]                                                                                                                                                   0000000077337151
Thread  C:\Windows\SysWOW64\chkdsk.exe [4704:4924]                                                                                                                                                   0000000077333e85

---- Registry - GMER 2.1 ----

Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs                                                                                                                AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber                                                                                                                       7601
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon                                                                                                                        0
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec                                                                                                                     1

---- EOF - GMER 2.1 ----
         
Log from the antivirus program:
Code:
Search results from Spybot - Search & Destroy

31.01.2015 11:08:50
Scan took 02:01:39.
6 items found.

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cache: [SBI $49804B54] Browser: Cache (1) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)
  


--- Spybot - Search & Destroy version: 2.4.40.131  DLL (build: 20140425) ---

2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-10-01 spybotsd2-install-scannerservice.exe (2.4.40.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2014-11-10 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2015-01-28 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-11-14 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-11-14 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2014-11-14 Includes\Malware-002.sbi (*)
2014-11-14 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2015-01-28 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-11-14 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2015-01-28 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-11-14 Includes\Spyware-000.sbi (*)
2014-12-10 Includes\Spyware-001.sbi (*)
2015-01-14 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-11-14 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2015-01-21 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
         

04.02.2015, 20:33   #2
schrauber
/// the machine
/// TB trainer

Hi,

Addition.txt is still missing.

04.02.2015, 20:43   #3
Steve71037

Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by R at 2015-01-31 07:44:31
Running from C:\Users\R\Desktop\Trojaner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.00 - Sunflowers)
Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}) (Version: 3.0.758.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version:  - )
ccc-core-static (x32 Version: 2010.0122.858.16002 - Ihr Firmenname) Hidden
Cinergy T Stick MKII V9.06.3.01 (HKLM-x32\...\Cinergy T Stick MKII) (Version: 9.06.3.01 - )
Cinergy T USB XXS V2.03.03.29 (HKLM-x32\...\Cinergy T USB XXS) (Version: 2.03.03.29 - )
Click to Call with Skype (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.8013 - Skype Technologies S.A.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
DWGeditor (x32 Version: 18.00.5035 - SolidWorks) Hidden
Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Packard Bell)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Packard Bell)
Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2010 - Packard Bell )
Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Packard Bell Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell)
PhotoView 360 (x32 Version: 18.00.5035 - SolidWorks Corporation) Hidden
RCT3 Soaked (HKLM-x32\...\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}) (Version: 1.00.000 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
RTL II Hausplaner 1.1.0.5 (HKLM-x32\...\{802931FA-0472-404D-BA9D-FBA9D30C27FC}) (Version: 1.1.0.5 - Creative Amadeo GmbH)
SEMA Holzbausoftware V8.3 (D) (HKLM-x32\...\{B4CB7EC0-F3AD-11D5-A427-0080C8335CC2}) (Version:  - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
ServiceInstaller (HKLM-x32\...\ServiceInstaller) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks 2010 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20100-40000-1100-100) (Version: 18.0.0.5035 - SolidWorks Corporation)
SolidWorks 2010 x64 Edition SP0 (Version: 18.100.5035 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (x32 Version: 10.0.727 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2010 SP0 x64 Edition (Version: 18.00.5035 - SolidWorks Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Surf & E-Mail-Stick (HKLM-x32\...\Surf & E-Mail-Stick) (Version: 11.301.08.00.35 - Huawei Technologies Co.,Ltd)
SYMplus Drehen deu (HKLM-x32\...\SYMplus Drehen deu) (Version:  - )
SYMplus Fräsen deu (HKLM-x32\...\SYMplus Fräsen deu) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.139.715 - Chicony Electronics Co.,Ltd.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM-x32\...\VTechDownloadManager) (Version:  - VTech)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3004 - Packard Bell)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-12-2014 03:00:16 Windows Update
26-12-2014 18:06:01 Windows Update
04-01-2015 20:55:22 Windows Update
10-01-2015 19:41:36 Windows Update
15-01-2015 08:44:09 Windows Update
15-01-2015 08:54:32 Windows Update
21-01-2015 19:44:57 Windows Update
28-01-2015 20:40:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {071F3866-38C0-4CD7-BFF0-283DB6436F31} - System32\Tasks\{5E83E919-07B8-4156-B6CB-0C6BBD29D819} => pcalua.exe -a C:\Users\R\Desktop\Technik\SEMA\SEMAV83\SEMSYS\SEMACALL.EXE
Task: {16097C85-850D-4F42-A78E-C9391A4665EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1B390A92-FE94-476A-B2D7-C20707094C71} - System32\Tasks\{17A15F0F-05C6-4B25-A8EF-1D3B3B353E04} => pcalua.exe -a C:\Windows\UniFish3.exe -d "C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Hasbro Interactive\RollerCoaster Tycoon" -c C:\Program Files (x86)\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Task: {34057AA8-627C-4F4C-A573-07DEDA1E544F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3736603A-B46A-4DBC-82AB-63B1D7133868} - System32\Tasks\{CD6D24B3-8BD7-44AC-A189-A7E829FACD8A} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.370&LastError=12007
Task: {3D2159F7-B713-49A0-BE7C-6BBCFB0D3D82} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4250696C-8919-4F2D-AD27-2BEEC76A5798} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {539F37A1-0E5F-40EA-8A2D-9B0B482C87C2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7203E934-E967-4C7A-B9C2-5F48DE248D31} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {77D23E6B-FDB8-497A-8A21-E8A81850456B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D4C9A716-6BF9-407B-A51C-140BA0753777} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E938A2F4-FBBE-46CA-B7A1-C5DCF7534A9E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EBD51A85-02B8-41EE-92A7-35B519398439} - System32\Tasks\{F073FDAA-A515-420C-81B7-840209F13D55} => pcalua.exe -a D:\Setup\Setup.exe -d D:\Setup
Task: {F85F6352-8CC6-45B4-BA5B-021A0A1EF57A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2011-11-07 08:56 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-13 02:49 - 2014-06-20 07:42 - 00401280 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
2010-01-07 13:42 - 2010-01-07 13:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-10-18 13:43 - 2010-10-18 13:43 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-10 20:08 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-10 20:08 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-10 20:08 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-13 02:49 - 2014-03-04 12:20 - 00117760 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2014-10-13 02:49 - 2014-04-22 03:14 - 00065536 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll
2014-10-13 02:49 - 2014-05-06 06:39 - 00861184 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll
2014-10-13 02:49 - 2014-05-06 06:38 - 00021504 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll
2014-10-13 02:49 - 2014-05-06 06:38 - 00020992 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll
2014-10-13 02:49 - 2014-05-06 06:38 - 00204800 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll
2014-10-13 02:49 - 2014-05-06 11:44 - 00218112 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll
2014-10-13 02:49 - 2014-05-06 06:58 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll
2014-10-13 02:49 - 2014-05-06 11:44 - 00015360 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll
2014-10-13 02:49 - 2014-05-06 11:44 - 00307712 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll
2014-10-13 02:49 - 2014-05-06 11:44 - 00014848 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll
2014-10-13 02:49 - 2014-05-06 07:31 - 00015872 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll
2014-10-13 02:49 - 2014-05-06 06:38 - 00036352 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll
2014-10-13 02:49 - 2014-05-06 06:38 - 00038912 _____ () C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll
2014-11-10 20:08 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-10 20:08 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-10 20:08 - 2014-04-25 14:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2015-01-26 20:50 - 2015-01-26 20:50 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files (x86)\Video Web Camera\traybar.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-1667074292-2624200287-3336342126-500 - Administrator - Disabled)
Gast (S-1-5-21-1667074292-2624200287-3336342126-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1667074292-2624200287-3336342126-1005 - Limited - Enabled)
R (S-1-5-21-1667074292-2624200287-3336342126-1000 - Administrator - Enabled) => C:\Users\R

==================== Faulty Device Manager Devices =============

Name: Sentinel64
Description: Sentinel64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: Sentinel64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/31/2015 02:31:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14429843

Error: (01/31/2015 02:31:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14429843

Error: (01/31/2015 02:31:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/31/2015 02:31:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14413681

Error: (01/31/2015 02:31:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14413681

Error: (01/31/2015 02:31:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2015 04:42:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (01/30/2015 01:25:29 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (01/29/2015 10:51:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mshta.exe, Version: 11.0.9600.16428, Zeitstempel: 0x525b8610
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7ef996ab
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xmshta.exe0
Pfad der fehlerhaften Anwendung: mshta.exe1
Pfad des fehlerhaften Moduls: mshta.exe2
Berichtskennung: mshta.exe3

Error: (01/29/2015 09:44:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Volume "SharkoonEC2 (E:)" wurde aufgrund eines Fehlers nicht defragmentiert: Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014)


System errors:
=============
Error: (01/30/2015 06:32:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/30/2015 10:24:34 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/30/2015 08:43:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (01/30/2015 08:43:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hardlock" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/30/2015 08:43:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577

Error: (01/30/2015 08:43:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VmodeNT" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (01/30/2015 08:43:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\VmodeNT.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (01/30/2015 08:43:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Sentinel64" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%20

Error: (01/29/2015 10:51:20 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/29/2015 10:50:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%577


Microsoft Office Sessions:
=========================
Error: (01/31/2015 02:31:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14429843

Error: (01/31/2015 02:31:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14429843

Error: (01/31/2015 02:31:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/31/2015 02:31:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14413681

Error: (01/31/2015 02:31:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14413681

Error: (01/31/2015 02:31:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/30/2015 04:42:49 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154

Error: (01/30/2015 01:25:29 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (01/29/2015 10:51:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mshta.exe11.0.9600.16428525b8610unknown0.0.0.000000000c00000057ef996abfdc01d03c0dba2e1981C:\Windows\SysWOW64\mshta.exeunknown00f044cd-a801-11e4-9ec2-206a8a215487

Error: (01/29/2015 09:44:05 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: SharkoonEC2 (E:)Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014)


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 07:31:30.320
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-31 07:10:26.629
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-30 22:11:02.948
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-30 19:45:45.411
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-30 18:32:22.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-30 14:44:47.695
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-30 08:43:36.631
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-30 08:43:36.319
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\lirsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-30 08:43:27.676
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-01-30 08:43:27.349
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atksgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz
Percentage of memory in use: 69%
Total physical RAM: 3956.43 MB
Available physical RAM: 1206.19 MB
Total Pagefile: 7911.05 MB
Available Pagefile: 4442.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:452.97 GB) (Free:289.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BF22BF22)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

05.02.2015, 08:21   #4
schrauber
/// the machine
/// TB trainer
 


hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper tells you to.

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.02.2015, 20:30   #5
Steve71037
 



Hello Schrauber, thanks first of all for your help. Here are the requested log data:
ROOTKIT:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.06.07
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
R :: R-PC [administrator]

06.02.2015 19:02:59
mbar-log-2015-02-06 (19-02-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 356421
Time elapsed: 34 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|grade-collect (Trojan.Agent.STLGen) -> Data: C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe -> Delete on reboot. [b08ffd1e45459e987a6044d7ab57a957]
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|grade-collect (Trojan.Agent.STLGen) -> Data: C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe -> Delete on reboot. [b08ffd1e45459e987a6044d7ab57a957]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\R\AppData\Local\Grade-compare\grade-eat.exe (Trojan.Agent.STLGen) -> Delete on reboot. [b08ffd1e45459e987a6044d7ab57a957]
C:\Users\R\AppData\Local\Temp\{00000D93-40E6-C0A6} (Trojan.Agent.ED) -> Delete on reboot. [be812af1206ae650d8a0da307290f709]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         



TDSSKiller:
Code:
ATTFilter
20:25:24.0156 0x05c4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:25:53.0708 0x05c4  ============================================================
20:25:53.0708 0x05c4  Current date / time: 2015/02/06 20:25:53.0708
20:25:53.0708 0x05c4  SystemInfo:
20:25:53.0708 0x05c4  
20:25:53.0709 0x05c4  OS Version: 6.1.7601 ServicePack: 1.0
20:25:53.0709 0x05c4  Product type: Workstation
20:25:53.0709 0x05c4  ComputerName: R-PC
20:25:53.0709 0x05c4  UserName: R
20:25:53.0709 0x05c4  Windows directory: C:\Windows
20:25:53.0709 0x05c4  System windows directory: C:\Windows
20:25:53.0709 0x05c4  Running under WOW64
20:25:53.0709 0x05c4  Processor architecture: Intel x64
20:25:53.0709 0x05c4  Number of processors: 2
20:25:53.0709 0x05c4  Page size: 0x1000
20:25:53.0709 0x05c4  Boot type: Normal boot
20:25:53.0709 0x05c4  ============================================================
20:25:54.0047 0x05c4  KLMD registered as C:\Windows\system32\drivers\80988307.sys
20:25:54.0548 0x05c4  System UUID: {0BA63A7C-B01E-CDF5-0B5B-E8C26718FC02}
20:25:55.0159 0x05c4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:25:55.0163 0x05c4  ============================================================
20:25:55.0163 0x05c4  \Device\Harddisk0\DR0:
20:25:55.0163 0x05c4  MBR partitions:
20:25:55.0163 0x05c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
20:25:55.0163 0x05c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
20:25:55.0163 0x05c4  ============================================================
20:25:55.0182 0x05c4  C: <-> \Device\Harddisk0\DR0\Partition2
20:25:55.0182 0x05c4  ============================================================
20:25:55.0182 0x05c4  Initialize success
20:25:55.0182 0x05c4  ============================================================
20:26:19.0203 0x17dc  ============================================================
20:26:19.0203 0x17dc  Scan started
20:26:19.0203 0x17dc  Mode: Manual; 
20:26:19.0203 0x17dc  ============================================================
20:26:19.0203 0x17dc  KSN ping started
20:26:22.0421 0x17dc  KSN ping finished: true
20:26:22.0895 0x17dc  ================ Scan system memory ========================
20:26:22.0895 0x17dc  System memory - ok
20:26:22.0896 0x17dc  ================ Scan services =============================
20:26:23.0112 0x17dc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:26:23.0119 0x17dc  1394ohci - ok
20:26:23.0180 0x17dc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:26:23.0190 0x17dc  ACPI - ok
20:26:23.0230 0x17dc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:26:23.0231 0x17dc  AcpiPmi - ok
20:26:23.0391 0x17dc  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:26:23.0393 0x17dc  AdobeARMservice - ok
20:26:23.0465 0x17dc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:26:23.0480 0x17dc  adp94xx - ok
20:26:23.0532 0x17dc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:26:23.0542 0x17dc  adpahci - ok
20:26:23.0570 0x17dc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:26:23.0576 0x17dc  adpu320 - ok
20:26:23.0618 0x17dc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:26:23.0621 0x17dc  AeLookupSvc - ok
20:26:23.0683 0x17dc  [ 65F8D71074FCE72B6C491F63535FEDC6, D5EF748DA71AC0EC88E0D33A753FF215CAD42ECEE1263D9FAEA6D059059DE260 ] AF9035BDA       C:\Windows\system32\DRIVERS\AF15BDA.sys
20:26:23.0698 0x17dc  AF9035BDA - ok
20:26:23.0774 0x17dc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
20:26:23.0788 0x17dc  AFD - ok
20:26:23.0840 0x17dc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:26:23.0842 0x17dc  agp440 - ok
20:26:23.0871 0x17dc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:26:23.0874 0x17dc  ALG - ok
20:26:23.0931 0x17dc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:26:23.0932 0x17dc  aliide - ok
20:26:23.0972 0x17dc  [ 3D90CF67DB75823A8480E56BBCD2E028, 775D58B99ACA606D434713BC00132D43061C37CFEEAECD194FCFDF45792944A3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:26:23.0978 0x17dc  AMD External Events Utility - ok
20:26:24.0012 0x17dc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:26:24.0013 0x17dc  amdide - ok
20:26:24.0046 0x17dc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:26:24.0049 0x17dc  AmdK8 - ok
20:26:24.0323 0x17dc  [ 52679612D742BF74CA1BA6AB86DDF431, 9D7A8FA8952519AD83CD36038F85B958BC97D1A25596EDC01CA1F6DD45DB542A ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
20:26:24.0592 0x17dc  amdkmdag - ok
20:26:24.0674 0x17dc  [ 414E0788920A8C856032BE2CBF29F984, 2DD027ADA24C871167C80A2F5C5ED5CB3AEA1E3A4E8C5FD352FA82C33B24479B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:26:24.0679 0x17dc  amdkmdap - ok
20:26:24.0710 0x17dc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:26:24.0712 0x17dc  AmdPPM - ok
20:26:24.0766 0x17dc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:26:24.0770 0x17dc  amdsata - ok
20:26:24.0792 0x17dc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:26:24.0798 0x17dc  amdsbs - ok
20:26:24.0809 0x17dc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:26:24.0811 0x17dc  amdxata - ok
20:26:24.0845 0x17dc  [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
20:26:24.0846 0x17dc  AmUStor - ok
20:26:24.0910 0x17dc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
20:26:24.0912 0x17dc  AppID - ok
20:26:24.0938 0x17dc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:26:24.0940 0x17dc  AppIDSvc - ok
20:26:24.0987 0x17dc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:26:24.0990 0x17dc  Appinfo - ok
20:26:25.0079 0x17dc  [ F401929EE0CC92BFE7F15161CA535383, 61E1C0630B8BBC65C51121D5DC7F095C59B475F39BB7B0DC68133EF7D9D0A29D ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:25.0082 0x17dc  Apple Mobile Device - ok
20:26:25.0106 0x17dc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:26:25.0109 0x17dc  arc - ok
20:26:25.0128 0x17dc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:26:25.0132 0x17dc  arcsas - ok
20:26:25.0253 0x17dc  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:26:25.0255 0x17dc  aspnet_state - ok
20:26:25.0281 0x17dc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:25.0283 0x17dc  AsyncMac - ok
20:26:25.0313 0x17dc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:26:25.0314 0x17dc  atapi - ok
20:26:25.0433 0x17dc  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:26:25.0493 0x17dc  athr - ok
20:26:25.0558 0x17dc  [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:26:25.0562 0x17dc  AtiHdmiService - ok
20:26:25.0606 0x17dc  [ 4AEF9EC86818375495FB78CA58DF4E18, 0565888F798FAB86091E7A7D8E1D583DF3CC5756A12ACF04987C67C14E360DFB ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
20:26:25.0615 0x17dc  atksgt - ok
20:26:25.0678 0x17dc  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:26:25.0697 0x17dc  AudioEndpointBuilder - ok
20:26:25.0719 0x17dc  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:26:25.0735 0x17dc  AudioSrv - ok
20:26:25.0807 0x17dc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:26:25.0811 0x17dc  AxInstSV - ok
20:26:25.0857 0x17dc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:26:25.0871 0x17dc  b06bdrv - ok
20:26:25.0915 0x17dc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:26:25.0923 0x17dc  b57nd60a - ok
20:26:25.0992 0x17dc  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
20:26:26.0028 0x17dc  BCM43XX - ok
20:26:26.0062 0x17dc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:26:26.0066 0x17dc  BDESVC - ok
20:26:26.0088 0x17dc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:26:26.0089 0x17dc  Beep - ok
20:26:26.0170 0x17dc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:26:26.0190 0x17dc  BFE - ok
20:26:26.0259 0x17dc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:26:26.0283 0x17dc  BITS - ok
20:26:26.0298 0x17dc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:26:26.0301 0x17dc  blbdrive - ok
20:26:26.0397 0x17dc  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:26:26.0407 0x17dc  Bonjour Service - ok
20:26:26.0442 0x17dc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:26:26.0445 0x17dc  bowser - ok
20:26:26.0462 0x17dc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:26:26.0463 0x17dc  BrFiltLo - ok
20:26:26.0474 0x17dc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:26:26.0475 0x17dc  BrFiltUp - ok
20:26:26.0523 0x17dc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:26:26.0527 0x17dc  Browser - ok
20:26:26.0548 0x17dc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:26:26.0556 0x17dc  Brserid - ok
20:26:26.0571 0x17dc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:26:26.0573 0x17dc  BrSerWdm - ok
20:26:26.0583 0x17dc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:26:26.0585 0x17dc  BrUsbMdm - ok
20:26:26.0607 0x17dc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:26:26.0608 0x17dc  BrUsbSer - ok
20:26:26.0628 0x17dc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:26:26.0631 0x17dc  BTHMODEM - ok
20:26:26.0658 0x17dc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:26:26.0661 0x17dc  bthserv - ok
20:26:26.0691 0x17dc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:26:26.0694 0x17dc  cdfs - ok
20:26:26.0756 0x17dc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:26:26.0760 0x17dc  cdrom - ok
20:26:26.0798 0x17dc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:26:26.0801 0x17dc  CertPropSvc - ok
20:26:26.0820 0x17dc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:26:26.0822 0x17dc  circlass - ok
20:26:26.0914 0x17dc  [ B794DCF38C965FA2F93C45A7C3D582C5, 0E483EAF835B85AA4B6F449F9BB68AF0A3EE4192D29CD72F4B812F1E4D9E9A7C ] cleanhlp        C:\EEK\bin\cleanhlp64.sys
20:26:26.0917 0x17dc  cleanhlp - ok
20:26:26.0953 0x17dc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
20:26:26.0964 0x17dc  CLFS - ok
20:26:27.0024 0x17dc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:27.0029 0x17dc  clr_optimization_v2.0.50727_32 - ok
20:26:27.0068 0x17dc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:26:27.0072 0x17dc  clr_optimization_v2.0.50727_64 - ok
20:26:27.0143 0x17dc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:27.0147 0x17dc  clr_optimization_v4.0.30319_32 - ok
20:26:27.0162 0x17dc  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:26:27.0205 0x17dc  clr_optimization_v4.0.30319_64 - ok
20:26:27.0224 0x17dc  clwvd - ok
20:26:27.0243 0x17dc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:26:27.0244 0x17dc  CmBatt - ok
20:26:27.0285 0x17dc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:26:27.0286 0x17dc  cmdide - ok
20:26:27.0360 0x17dc  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
20:26:27.0373 0x17dc  CNG - ok
20:26:27.0409 0x17dc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:26:27.0411 0x17dc  Compbatt - ok
20:26:27.0472 0x17dc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:26:27.0474 0x17dc  CompositeBus - ok
20:26:27.0483 0x17dc  COMSysApp - ok
20:26:27.0642 0x17dc  [ AB82A8885AB9687D82AA51A4B4F62E2D, 170138100ECBD7F87A36672E445C14DFB717C7B4FF511E532400DFB3BB920B1C ] CoordinatorServiceHost C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
20:26:27.0645 0x17dc  CoordinatorServiceHost - ok
20:26:27.0679 0x17dc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:26:27.0680 0x17dc  crcdisk - ok
20:26:27.0742 0x17dc  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:26:27.0748 0x17dc  CryptSvc - ok
20:26:27.0819 0x17dc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:26:27.0838 0x17dc  DcomLaunch - ok
20:26:27.0879 0x17dc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:26:27.0888 0x17dc  defragsvc - ok
20:26:27.0950 0x17dc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:26:27.0954 0x17dc  DfsC - ok
20:26:28.0020 0x17dc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:26:28.0030 0x17dc  Dhcp - ok
20:26:28.0052 0x17dc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:26:28.0054 0x17dc  discache - ok
20:26:28.0081 0x17dc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:26:28.0084 0x17dc  Disk - ok
20:26:28.0117 0x17dc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:26:28.0123 0x17dc  Dnscache - ok
20:26:28.0184 0x17dc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:26:28.0198 0x17dc  dot3svc - ok
20:26:28.0259 0x17dc  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:26:28.0264 0x17dc  Dot4 - ok
20:26:28.0288 0x17dc  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:26:28.0290 0x17dc  Dot4Print - ok
20:26:28.0307 0x17dc  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:26:28.0309 0x17dc  dot4usb - ok
20:26:28.0345 0x17dc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:26:28.0350 0x17dc  DPS - ok
20:26:28.0392 0x17dc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:26:28.0393 0x17dc  drmkaud - ok
20:26:28.0455 0x17dc  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:26:28.0463 0x17dc  DsiWMIService - ok
20:26:28.0521 0x17dc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:26:28.0548 0x17dc  DXGKrnl - ok
20:26:28.0592 0x17dc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:26:28.0596 0x17dc  EapHost - ok
20:26:28.0748 0x17dc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:26:28.0876 0x17dc  ebdrv - ok
20:26:28.0914 0x17dc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
20:26:28.0915 0x17dc  EFS - ok
20:26:29.0006 0x17dc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:26:29.0026 0x17dc  ehRecvr - ok
20:26:29.0055 0x17dc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:26:29.0059 0x17dc  ehSched - ok
20:26:29.0106 0x17dc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:26:29.0122 0x17dc  elxstor - ok
20:26:38.0160 0x17dc  RasAcd - ok
20:26:38.0191 0x17dc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:26:38.0191 0x17dc  RasAgileVpn - ok
20:26:38.0207 0x17dc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:26:38.0222 0x17dc  RasAuto - ok
20:26:38.0269 0x17dc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:26:38.0269 0x17dc  Rasl2tp - ok
20:26:38.0332 0x17dc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:26:38.0347 0x17dc  RasMan - ok
20:26:38.0363 0x17dc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:26:38.0363 0x17dc  RasPppoe - ok
20:26:38.0394 0x17dc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:26:38.0394 0x17dc  RasSstp - ok
20:26:38.0410 0x17dc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:26:38.0425 0x17dc  rdbss - ok
20:26:38.0441 0x17dc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:26:38.0441 0x17dc  rdpbus - ok
20:26:38.0472 0x17dc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:26:38.0472 0x17dc  RDPCDD - ok
20:26:38.0488 0x17dc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:26:38.0488 0x17dc  RDPENCDD - ok
20:26:38.0503 0x17dc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:26:38.0503 0x17dc  RDPREFMP - ok
20:26:38.0550 0x17dc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:26:38.0566 0x17dc  RDPWD - ok
20:26:38.0628 0x17dc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:26:38.0628 0x17dc  rdyboost - ok
20:26:38.0659 0x17dc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:26:38.0659 0x17dc  RemoteAccess - ok
20:26:38.0690 0x17dc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:26:38.0690 0x17dc  RemoteRegistry - ok
20:26:38.0706 0x17dc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:26:38.0722 0x17dc  RpcEptMapper - ok
20:26:38.0737 0x17dc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:26:38.0737 0x17dc  RpcLocator - ok
20:26:38.0784 0x17dc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:26:38.0800 0x17dc  RpcSs - ok
20:26:38.0815 0x17dc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:26:38.0831 0x17dc  rspndr - ok
20:26:38.0846 0x17dc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
20:26:38.0846 0x17dc  SamSs - ok
20:26:38.0893 0x17dc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:26:38.0893 0x17dc  sbp2port - ok
20:26:38.0924 0x17dc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:26:38.0940 0x17dc  SCardSvr - ok
20:26:38.0971 0x17dc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:26:38.0971 0x17dc  scfilter - ok
20:26:39.0049 0x17dc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:26:39.0080 0x17dc  Schedule - ok
20:26:39.0127 0x17dc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:26:39.0127 0x17dc  SCPolicySvc - ok
20:26:39.0221 0x17dc  [ D9CEBA132B17622C4349AF510348EE3E, 52C02367374467F10EE620924B1E47DD50159DA8EA61683F9742EA6704A501CB ] SDHookDriver    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
20:26:39.0221 0x17dc  SDHookDriver - ok
20:26:39.0268 0x17dc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:26:39.0283 0x17dc  SDRSVC - ok
20:26:39.0377 0x17dc  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:26:39.0424 0x17dc  SDScannerService - ok
20:26:39.0548 0x17dc  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:26:39.0595 0x17dc  SDUpdateService - ok
20:26:39.0642 0x17dc  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:26:39.0642 0x17dc  SDWSCService - ok
20:26:39.0673 0x17dc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:26:39.0673 0x17dc  secdrv - ok
20:26:39.0704 0x17dc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:26:39.0704 0x17dc  seclogon - ok
20:26:39.0720 0x17dc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:26:39.0736 0x17dc  SENS - ok
20:26:39.0751 0x17dc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:26:39.0751 0x17dc  SensrSvc - ok
20:26:39.0829 0x17dc  [ 255476B54C82A89416EFDF09FD62F107, 000A6F7F15177A08ED4E22DB1C06F9FF0F8D324541A3E7AF7F35123D9CA4122D ] Sentinel64      C:\Windows\System32\Drivers\Sentinel64.sys
20:26:39.0829 0x17dc  Sentinel64 - ok
20:26:39.0860 0x17dc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:26:39.0860 0x17dc  Serenum - ok
20:26:39.0907 0x17dc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:26:39.0907 0x17dc  Serial - ok
20:26:39.0938 0x17dc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:26:39.0938 0x17dc  sermouse - ok
20:26:39.0985 0x17dc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:26:39.0985 0x17dc  SessionEnv - ok
20:26:40.0016 0x17dc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:26:40.0016 0x17dc  sffdisk - ok
20:26:40.0032 0x17dc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:26:40.0032 0x17dc  sffp_mmc - ok
20:26:40.0048 0x17dc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:26:40.0048 0x17dc  sffp_sd - ok
20:26:40.0063 0x17dc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:26:40.0063 0x17dc  sfloppy - ok
20:26:40.0110 0x17dc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:26:40.0126 0x17dc  SharedAccess - ok
20:26:40.0172 0x17dc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:26:40.0172 0x17dc  ShellHWDetection - ok
20:26:40.0204 0x17dc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:26:40.0204 0x17dc  SiSRaid2 - ok
20:26:40.0219 0x17dc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:26:40.0219 0x17dc  SiSRaid4 - ok
20:26:40.0313 0x17dc  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:26:40.0313 0x17dc  SkypeUpdate - ok
20:26:40.0344 0x17dc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:26:40.0344 0x17dc  Smb - ok
20:26:40.0375 0x17dc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:26:40.0375 0x17dc  SNMPTRAP - ok
20:26:40.0516 0x17dc  [ 4945020BC094C322571184A6E8056B3A, 9E09257411F7C3631537D0198E0E64CDD1A697D80430F6379139B15A2BA8A6C9 ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
20:26:40.0516 0x17dc  SolidWorks Licensing Service - ok
20:26:40.0562 0x17dc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:26:40.0562 0x17dc  spldr - ok
20:26:40.0609 0x17dc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:26:40.0625 0x17dc  Spooler - ok
20:26:40.0796 0x17dc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:26:40.0937 0x17dc  sppsvc - ok
20:26:40.0952 0x17dc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:26:40.0968 0x17dc  sppuinotify - ok
20:26:41.0015 0x17dc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:26:41.0030 0x17dc  srv - ok
20:26:41.0046 0x17dc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:26:41.0062 0x17dc  srv2 - ok
20:26:41.0077 0x17dc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:26:41.0093 0x17dc  srvnet - ok
20:26:41.0108 0x17dc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:26:41.0124 0x17dc  SSDPSRV - ok
20:26:41.0140 0x17dc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:26:41.0140 0x17dc  SstpSvc - ok
20:26:41.0155 0x17dc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:26:41.0155 0x17dc  stexstor - ok
20:26:41.0218 0x17dc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:26:41.0233 0x17dc  stisvc - ok
20:26:41.0280 0x17dc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:26:41.0280 0x17dc  swenum - ok
20:26:41.0311 0x17dc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:26:41.0327 0x17dc  swprv - ok
20:26:41.0374 0x17dc  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:26:41.0389 0x17dc  SynTP - ok
20:26:41.0483 0x17dc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:26:41.0530 0x17dc  SysMain - ok
20:26:41.0576 0x17dc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:26:41.0592 0x17dc  TabletInputService - ok
20:26:41.0608 0x17dc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:26:41.0623 0x17dc  TapiSrv - ok
20:26:41.0639 0x17dc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:26:41.0639 0x17dc  TBS - ok
20:26:41.0717 0x17dc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:26:41.0779 0x17dc  Tcpip - ok
20:26:41.0857 0x17dc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:26:41.0904 0x17dc  TCPIP6 - ok
20:26:41.0966 0x17dc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:26:41.0966 0x17dc  tcpipreg - ok
20:26:41.0982 0x17dc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:26:41.0998 0x17dc  TDPIPE - ok
20:26:42.0029 0x17dc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:26:42.0029 0x17dc  TDTCP - ok
20:26:42.0060 0x17dc  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:26:42.0076 0x17dc  tdx - ok
20:26:42.0122 0x17dc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:26:42.0122 0x17dc  TermDD - ok
20:26:42.0185 0x17dc  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:26:42.0200 0x17dc  TermService - ok
20:26:42.0232 0x17dc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:26:42.0232 0x17dc  Themes - ok
20:26:42.0263 0x17dc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:26:42.0263 0x17dc  THREADORDER - ok
20:26:42.0294 0x17dc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:26:42.0294 0x17dc  TrkWks - ok
20:26:42.0356 0x17dc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:26:42.0372 0x17dc  TrustedInstaller - ok
20:26:42.0403 0x17dc  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:26:42.0403 0x17dc  tssecsrv - ok
20:26:42.0466 0x17dc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:26:42.0466 0x17dc  TsUsbFlt - ok
20:26:42.0512 0x17dc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:26:42.0528 0x17dc  tunnel - ok
20:26:42.0559 0x17dc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:26:42.0559 0x17dc  uagp35 - ok
20:26:42.0606 0x17dc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:26:42.0622 0x17dc  udfs - ok
20:26:42.0637 0x17dc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:26:42.0653 0x17dc  UI0Detect - ok
20:26:42.0684 0x17dc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:26:42.0700 0x17dc  uliagpkx - ok
20:26:42.0746 0x17dc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
20:26:42.0746 0x17dc  umbus - ok
20:26:42.0778 0x17dc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:26:42.0778 0x17dc  UmPass - ok
20:26:42.0934 0x17dc  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:26:42.0980 0x17dc  UNS - ok
20:26:43.0074 0x17dc  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
20:26:43.0074 0x17dc  Updater Service - ok
20:26:43.0105 0x17dc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:26:43.0121 0x17dc  upnphost - ok
20:26:43.0168 0x17dc  [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:26:43.0168 0x17dc  USBAAPL64 - ok
20:26:43.0199 0x17dc  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:26:43.0199 0x17dc  usbccgp - ok
20:26:43.0199 0x1748  Object required for P2P: [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm
20:26:43.0261 0x17dc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:26:43.0261 0x17dc  usbcir - ok
20:26:43.0292 0x17dc  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:26:43.0292 0x17dc  usbehci - ok
20:26:43.0339 0x17dc  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:26:43.0355 0x17dc  usbhub - ok
20:26:43.0370 0x17dc  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:26:43.0370 0x17dc  usbohci - ok
20:26:43.0433 0x17dc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:26:43.0433 0x17dc  usbprint - ok
20:26:43.0480 0x17dc  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
20:26:43.0480 0x17dc  usbscan - ok
20:26:43.0526 0x17dc  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:26:43.0526 0x17dc  USBSTOR - ok
20:26:43.0542 0x17dc  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:26:43.0542 0x17dc  usbuhci - ok
20:26:43.0589 0x17dc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:26:43.0604 0x17dc  usbvideo - ok
20:26:43.0620 0x17dc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:26:43.0636 0x17dc  UxSms - ok
20:26:43.0636 0x17dc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:26:43.0636 0x17dc  VaultSvc - ok
20:26:43.0682 0x17dc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:26:43.0682 0x17dc  vdrvroot - ok
20:26:43.0745 0x17dc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:26:43.0776 0x17dc  vds - ok
20:26:43.0792 0x17dc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:26:43.0792 0x17dc  vga - ok
20:26:43.0823 0x17dc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:26:43.0823 0x17dc  VgaSave - ok
20:26:43.0870 0x17dc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:26:43.0870 0x17dc  vhdmp - ok
20:26:43.0916 0x17dc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:26:43.0916 0x17dc  viaide - ok
20:26:43.0948 0x17dc  VmodeNT - ok
20:26:44.0010 0x17dc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:26:44.0010 0x17dc  volmgr - ok
20:26:44.0072 0x17dc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:26:44.0088 0x17dc  volmgrx - ok
20:26:44.0135 0x17dc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:26:44.0150 0x17dc  volsnap - ok
20:26:44.0182 0x17dc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:26:44.0197 0x17dc  vsmraid - ok
20:26:44.0275 0x17dc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:26:44.0322 0x17dc  VSS - ok
20:26:44.0416 0x17dc  [ B3CCE4854758F462706BEC469799EBEC, D4FAE06265E9F365E0D2A55C4123A4B6FEB80A5EDD1CC974F8A04C3EAFC81642 ] VTechUSBSocketService C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
20:26:44.0416 0x17dc  VTechUSBSocketService - ok
20:26:44.0447 0x17dc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:26:44.0447 0x17dc  vwifibus - ok
20:26:44.0462 0x17dc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:26:44.0462 0x17dc  vwififlt - ok
20:26:44.0494 0x17dc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:26:44.0494 0x17dc  vwifimp - ok
20:26:44.0556 0x17dc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:26:44.0556 0x17dc  W32Time - ok
20:26:44.0572 0x17dc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:26:44.0587 0x17dc  WacomPen - ok
20:26:44.0618 0x17dc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:26:44.0634 0x17dc  WANARP - ok
20:26:44.0634 0x17dc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:26:44.0634 0x17dc  Wanarpv6 - ok
20:26:44.0728 0x17dc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:26:44.0774 0x17dc  WatAdminSvc - ok
20:26:44.0852 0x17dc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:26:44.0899 0x17dc  wbengine - ok
20:26:44.0930 0x17dc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:26:44.0930 0x17dc  WbioSrvc - ok
20:26:44.0993 0x17dc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:26:45.0008 0x17dc  wcncsvc - ok
20:26:45.0024 0x17dc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:26:45.0024 0x17dc  WcsPlugInService - ok
20:26:45.0055 0x17dc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:26:45.0055 0x17dc  Wd - ok
20:26:45.0133 0x17dc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:26:45.0149 0x17dc  Wdf01000 - ok
20:26:45.0180 0x17dc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:26:45.0180 0x17dc  WdiServiceHost - ok
20:26:45.0180 0x17dc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:26:45.0196 0x17dc  WdiSystemHost - ok
20:26:45.0242 0x17dc  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:26:45.0258 0x17dc  WebClient - ok
20:26:45.0274 0x17dc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:26:45.0289 0x17dc  Wecsvc - ok
20:26:45.0305 0x17dc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:26:45.0305 0x17dc  wercplsupport - ok
20:26:45.0336 0x17dc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:26:45.0336 0x17dc  WerSvc - ok
20:26:45.0367 0x17dc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:26:45.0367 0x17dc  WfpLwf - ok
20:26:45.0383 0x17dc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:26:45.0383 0x17dc  WIMMount - ok
20:26:45.0414 0x17dc  WinDefend - ok
20:26:45.0430 0x17dc  WinHttpAutoProxySvc - ok
20:26:45.0492 0x17dc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:26:45.0492 0x17dc  Winmgmt - ok
20:26:45.0601 0x17dc  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
20:26:45.0664 0x17dc  WinRM - ok
20:26:45.0710 0x17dc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:26:45.0726 0x17dc  WinUsb - ok
20:26:45.0773 0x17dc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:26:45.0788 0x17dc  Wlansvc - ok
20:26:45.0851 0x17dc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:26:45.0851 0x17dc  WmiAcpi - ok
20:26:45.0882 0x17dc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:26:45.0882 0x17dc  wmiApSrv - ok
20:26:45.0913 0x17dc  WMPNetworkSvc - ok
20:26:45.0944 0x17dc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:26:45.0944 0x17dc  WPCSvc - ok
20:26:45.0991 0x17dc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:26:46.0007 0x17dc  WPDBusEnum - ok
20:26:46.0038 0x17dc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:26:46.0038 0x17dc  ws2ifsl - ok
20:26:46.0054 0x17dc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:26:46.0054 0x17dc  wscsvc - ok
20:26:46.0054 0x17dc  WSearch - ok
20:26:46.0178 0x17dc  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:26:46.0210 0x1748  Object send P2P result: true
20:26:46.0225 0x1748  Object required for P2P: [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC
20:26:46.0241 0x17dc  wuauserv - ok
20:26:46.0288 0x17dc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:26:46.0288 0x17dc  WudfPf - ok
20:26:46.0319 0x17dc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:26:46.0334 0x17dc  WUDFRd - ok
20:26:46.0381 0x17dc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:26:46.0381 0x17dc  wudfsvc - ok
20:26:46.0428 0x17dc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:26:46.0428 0x17dc  WwanSvc - ok
20:26:46.0444 0x17dc  ================ Scan global ===============================
20:26:46.0459 0x17dc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:26:46.0506 0x17dc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:26:46.0522 0x17dc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:26:46.0553 0x17dc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:26:46.0584 0x17dc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:26:46.0600 0x17dc  [ Global ] - ok
20:26:46.0600 0x17dc  ================ Scan MBR ==================================
20:26:46.0615 0x17dc  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:26:46.0740 0x1748  Object send P2P result: true
20:26:46.0756 0x1748  Object required for P2P: [ DB801A638D011B9633829EB6F663C900 ] msdsm
20:26:46.0834 0x17dc  \Device\Harddisk0\DR0 - ok
20:26:46.0834 0x17dc  ================ Scan VBR ==================================
20:26:46.0849 0x17dc  [ AE11EAF46C2DB25EA843C8A9B22D2C6F ] \Device\Harddisk0\DR0\Partition1
20:26:46.0849 0x17dc  \Device\Harddisk0\DR0\Partition1 - ok
20:26:46.0849 0x17dc  [ 9BCBA138158CB02F8549D7D8565A56C3 ] \Device\Harddisk0\DR0\Partition2
20:26:46.0849 0x17dc  \Device\Harddisk0\DR0\Partition2 - ok
20:26:46.0849 0x17dc  ================ Scan generic autorun ======================
20:26:47.0255 0x1748  Object send P2P result: true
20:26:47.0255 0x1748  Object required for P2P: [ 8B301D474B478E9A92823BAB50A7BC49 ] NlaSvc
20:26:47.0270 0x17dc  [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:26:47.0520 0x17dc  RtHDVCpl - ok
20:26:47.0536 0x17dc  SynTPEnh - ok
20:26:47.0614 0x17dc  [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
20:26:47.0629 0x17dc  Acer ePower Management - ok
20:26:47.0692 0x17dc  [ 77AC8322178FB8F3117CDD3B6DC6E126, 2786198EE920D7788FA0DE376231D4E42AB68F6D5A1E87FAC1F3D7424D1ED493 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:26:47.0707 0x17dc  StartCCC - ok
20:26:47.0754 0x1748  Object send P2P result: true
20:26:47.0754 0x1748  Object required for P2P: [ B6A58491307B4CADA572583D863DC602 ] ProfSvc
20:26:47.0879 0x17dc  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:26:47.0988 0x17dc  SDTray - ok
20:26:48.0097 0x17dc  [ 4E95B1FDDC9E51678BFA2A723EAA94EF, B52F87C61486E9E1321048C50982A85A693CC08E2B1584B497CA9D0D2428BBE8 ] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
20:26:48.0113 0x17dc  AgentMonitor - ok
20:26:48.0191 0x17dc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:26:48.0222 0x17dc  Sidebar - ok
20:26:48.0238 0x17dc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:26:48.0253 0x17dc  mctadmin - ok
20:26:48.0284 0x1748  Object send P2P result: true
20:26:48.0300 0x1748  Object required for P2P: [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port
20:26:48.0300 0x17dc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
20:26:48.0331 0x17dc  Sidebar - ok
20:26:48.0331 0x17dc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
20:26:48.0331 0x17dc  mctadmin - ok
20:26:48.0440 0x17dc  [ 71BF080E5E659B8812851E1E243ED1BE, FA824DD274B781667FA2683DBDBB19B83C37198EB9C337B1AB8B5314657330D9 ] C:\Users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe
20:26:48.0440 0x17dc  Suspicious file ( NoAccess ): C:\Users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe. md5: 71BF080E5E659B8812851E1E243ED1BE, sha256: FA824DD274B781667FA2683DBDBB19B83C37198EB9C337B1AB8B5314657330D9
20:26:48.0440 0x17dc  plenty-row - detected LockedFile.Multi.Generic ( 1 )
20:26:48.0815 0x1748  Object send P2P result: true
20:26:48.0830 0x1748  Object required for P2P: [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2
20:26:49.0033 0x17dc  plenty-row ( LockedFile.Multi.Generic ) - warning
20:26:49.0033 0x17dc  Force sending object to P2P due to detect: C:\Users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe
20:26:49.0345 0x1748  Object send P2P result: true
20:26:49.0345 0x1748  Object required for P2P: [ 3371D21011695B16333A3934340C4E7C ] TDPIPE
20:26:49.0564 0x17dc  Object send P2P result: true
20:26:49.0829 0x1748  Object send P2P result: true
20:26:51.0826 0x16cc  Object required for P2P: [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid
20:26:52.0325 0x16cc  Object send P2P result: true
20:26:52.0512 0x17dc  [ B14D06204D60BC828523571147E60C86, 221318C23611C6642467968ACA3F09CE35CFBF5EBD04A96F22FEB3CA88C6604A ] C:\Users\R\AppData\Local\Temp\Lesson_doctor\lesson-sand.exe
20:26:52.0512 0x17dc  Suspicious file ( NoAccess ): C:\Users\R\AppData\Local\Temp\Lesson_doctor\lesson-sand.exe. md5: B14D06204D60BC828523571147E60C86, sha256: 221318C23611C6642467968ACA3F09CE35CFBF5EBD04A96F22FEB3CA88C6604A
20:26:52.0528 0x17dc  lesson-guide - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
20:26:52.0965 0x17dc  lesson-guide ( Trojan-Spy.Win32.ZBot.gen ) - infected
20:26:52.0965 0x17dc  Force sending object to P2P due to detect: C:\Users\R\AppData\Local\Temp\Lesson_doctor\lesson-sand.exe
20:26:53.0448 0x17dc  Object send P2P result: true
20:26:53.0838 0x17dc  [ B74D20DAA2B383B7E065146E7ECBE47F, 3BA26F4848CFE19F482C68530FA0C82CE89FE238CC1DBA1A331D331987668EED ] C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe
20:26:53.0838 0x17dc  body-lesson - ok
20:26:53.0885 0x17dc  [ A19E974236369A1B74AEC864EC80B100, 0AAD2E2F01A019EA1A0790FF311E2D39F770B37734E0A479D2F057155FF02752 ] C:\Users\R\AppData\Local\Boxlack\boxbat.exe
20:26:53.0901 0x17dc  box-scratch - ok
20:26:53.0947 0x17dc  [ B76E1AF976BC8058F972DC1FB5F9A2A3, 62F81F9026BF42295B2D1C1314BF8C8916530F5C901759DA11FB9479335792B4 ] C:\Users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe
20:26:53.0947 0x17dc  Suspicious file ( NoAccess ): C:\Users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe. md5: B76E1AF976BC8058F972DC1FB5F9A2A3, sha256: 62F81F9026BF42295B2D1C1314BF8C8916530F5C901759DA11FB9479335792B4
20:26:53.0947 0x17dc  tooth-reflect - detected LockedFile.Multi.Generic ( 1 )
20:26:54.0369 0x17dc  Detect turned to UDS exact due to KSN untrusted
20:26:54.0369 0x17dc  tooth-reflect ( UDS:DangerousObject.Multi.Generic ) - infected
20:26:54.0369 0x17dc  Force sending object to P2P due to detect: C:\Users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe
20:26:54.0805 0x17dc  Object send P2P result: true
20:26:55.0180 0x17dc  [ A59F36672E8D019602106BE21F5A44D7, 95E13EB70742F401AE29BE46F6629254BD34703BA3A1FCB9727846977842C453 ] C:\Users\R\AppData\Roaming\Stringhurt\string-appeal.exe
20:26:55.0195 0x17dc  string-iron - ok
20:26:55.0367 0x17dc  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
20:26:55.0523 0x17dc  Spybot-S&D Cleaning - ok
20:26:55.0554 0x17dc  [ B76E1AF976BC8058F972DC1FB5F9A2A3, 62F81F9026BF42295B2D1C1314BF8C8916530F5C901759DA11FB9479335792B4 ] C:\Users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe
20:26:55.0554 0x17dc  Suspicious file ( NoAccess ): C:\Users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe. md5: B76E1AF976BC8058F972DC1FB5F9A2A3, sha256: 62F81F9026BF42295B2D1C1314BF8C8916530F5C901759DA11FB9479335792B4
20:26:55.0554 0x17dc  tooth-reflect - detected LockedFile.Multi.Generic ( 1 )
20:26:55.0554 0x17dc  Detect turned to UDS exact due to KSN untrusted
20:26:55.0554 0x17dc  tooth-reflect ( UDS:DangerousObject.Multi.Generic ) - infected
20:26:55.0554 0x17dc  Force sending object to P2P due to detect: C:\Users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe
20:26:56.0116 0x17dc  Object send P2P result: true
20:26:56.0459 0x17dc  Waiting for KSN requests completion. In queue: 4
20:26:57.0473 0x17dc  Have new async UDS detects: 2
20:26:57.0473 0x17dc  box-scratch - detected UDS:DangerousObject.Multi.Generic ( 0 )
20:26:57.0473 0x17dc  box-scratch ( UDS:DangerousObject.Multi.Generic ) - infected
20:26:57.0473 0x17dc  Force sending object to P2P due to detect: C:\Users\R\AppData\Local\Boxlack\boxbat.exe
20:26:57.0910 0x17dc  Object send P2P result: true
20:26:58.0300 0x17dc  string-iron - detected UDS:DangerousObject.Multi.Generic ( 0 )
20:26:58.0300 0x17dc  string-iron ( UDS:DangerousObject.Multi.Generic ) - infected
20:26:58.0300 0x17dc  Force sending object to P2P due to detect: C:\Users\R\AppData\Roaming\Stringhurt\string-appeal.exe
20:26:58.0846 0x17dc  Object send P2P result: true
20:26:59.0283 0x17dc  AV detected via SS2: Spybot - Search and Destroy, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe ( 2.3.39.0 ), 0x61000 ( enabled : updated )
20:26:59.0314 0x17dc  Win FW state via NFP2: enabled
20:26:59.0673 0x17dc  ============================================================
20:26:59.0673 0x17dc  Scan finished
20:26:59.0673 0x17dc  ============================================================
20:26:59.0673 0x0d28  Detected object count: 6
20:26:59.0673 0x0d28  Actual detected object count: 6
20:27:39.0469 0x0d28  plenty-row ( LockedFile.Multi.Generic ) - skipped by user
20:27:39.0469 0x0d28  plenty-row ( LockedFile.Multi.Generic ) - User select action: Skip 
20:27:39.0469 0x0d28  lesson-guide ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
20:27:39.0469 0x0d28  lesson-guide ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
20:27:39.0469 0x0d28  tooth-reflect ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:27:39.0469 0x0d28  tooth-reflect ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
20:27:39.0469 0x0d28  tooth-reflect ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:27:39.0469 0x0d28  tooth-reflect ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
20:27:39.0469 0x0d28  box-scratch ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:27:39.0469 0x0d28  box-scratch ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
20:27:39.0469 0x0d28  string-iron ( UDS:DangerousObject.Multi.Generic ) - skipped by user
20:27:39.0469 0x0d28  string-iron ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         


07.02.2015, 12:06   #6
schrauber
/// the machine
/// TB-Ausbilder
 




The following applies to all TDSSKiller detections.


Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post the contents here in your thread.


Also, please run fresh scans with MBAR and TDSSKiller again.

07.02.2015, 18:48   #7
Steve71037
 



TDKILLER:
Code:
18:34:17.0442 0x10a4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:34:22.0216 0x10a4  ============================================================
18:34:22.0216 0x10a4  Current date / time: 2015/02/07 18:34:22.0216
18:34:22.0216 0x10a4  SystemInfo:
18:34:22.0216 0x10a4  
18:34:22.0216 0x10a4  OS Version: 6.1.7601 ServicePack: 1.0
18:34:22.0216 0x10a4  Product type: Workstation
18:34:22.0216 0x10a4  ComputerName: R-PC
18:34:22.0216 0x10a4  UserName: R
18:34:22.0216 0x10a4  Windows directory: C:\Windows
18:34:22.0216 0x10a4  System windows directory: C:\Windows
18:34:22.0216 0x10a4  Running under WOW64
18:34:22.0216 0x10a4  Processor architecture: Intel x64
18:34:22.0216 0x10a4  Number of processors: 2
18:34:22.0216 0x10a4  Page size: 0x1000
18:34:22.0216 0x10a4  Boot type: Normal boot
18:34:22.0216 0x10a4  ============================================================
18:34:22.0403 0x10a4  KLMD registered as C:\Windows\system32\drivers\39133932.sys
18:34:22.0840 0x10a4  System UUID: {0BA63A7C-B01E-CDF5-0B5B-E8C26718FC02}
18:34:23.0402 0x10a4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:34:23.0402 0x10a4  ============================================================
18:34:23.0402 0x10a4  \Device\Harddisk0\DR0:
18:34:23.0402 0x10a4  MBR partitions:
18:34:23.0402 0x10a4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
18:34:23.0402 0x10a4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
18:34:23.0402 0x10a4  ============================================================
18:34:23.0417 0x10a4  C: <-> \Device\Harddisk0\DR0\Partition2
18:34:23.0417 0x10a4  ============================================================
18:34:23.0417 0x10a4  Initialize success
18:34:23.0417 0x10a4  ============================================================
         
ROOTKIT:
Code:
Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.07.05
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
R :: R-PC [administrator]

07.02.2015 15:07:39
mbar-log-2015-02-07 (15-07-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 356158
Time elapsed: 35 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
schrauber, I made a mistake; now corrected, here is the new log from ROOTKIT
Code:
18:43:44.0384 0x06f8  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:43:46.0397 0x06f8  ============================================================
18:43:46.0397 0x06f8  Current date / time: 2015/02/07 18:43:46.0397
18:43:46.0397 0x06f8  SystemInfo:
18:43:46.0397 0x06f8  
18:43:46.0397 0x06f8  OS Version: 6.1.7601 ServicePack: 1.0
18:43:46.0397 0x06f8  Product type: Workstation
18:43:46.0397 0x06f8  ComputerName: R-PC
18:43:46.0397 0x06f8  UserName: R
18:43:46.0397 0x06f8  Windows directory: C:\Windows
18:43:46.0397 0x06f8  System windows directory: C:\Windows
18:43:46.0397 0x06f8  Running under WOW64
18:43:46.0397 0x06f8  Processor architecture: Intel x64
18:43:46.0397 0x06f8  Number of processors: 2
18:43:46.0397 0x06f8  Page size: 0x1000
18:43:46.0397 0x06f8  Boot type: Normal boot
18:43:46.0397 0x06f8  ============================================================
18:43:46.0397 0x06f8  BG loaded
18:43:52.0371 0x06f8  System UUID: {0BA63A7C-B01E-CDF5-0B5B-E8C26718FC02}
18:43:55.0835 0x06f8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:43:55.0913 0x06f8  ============================================================
18:43:55.0913 0x06f8  \Device\Harddisk0\DR0:
18:43:56.0006 0x06f8  MBR partitions:
18:43:56.0006 0x06f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
18:43:56.0006 0x06f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
18:43:56.0006 0x06f8  ============================================================
18:43:56.0755 0x06f8  C: <-> \Device\Harddisk0\DR0\Partition2
18:43:56.0755 0x06f8  ============================================================
18:43:56.0755 0x06f8  Initialize success
18:43:56.0755 0x06f8  ============================================================
18:44:08.0443 0x0c20  ============================================================
18:44:08.0443 0x0c20  Scan started
18:44:08.0443 0x0c20  Mode: Manual; 
18:44:08.0443 0x0c20  ============================================================
18:44:08.0443 0x0c20  KSN ping started
18:44:20.0208 0x0c20  KSN ping finished: true
18:44:28.0648 0x0c20  ================ Scan system memory ========================
18:44:28.0648 0x0c20  System memory - ok
18:44:28.0648 0x0c20  ================ Scan services =============================
18:44:28.0819 0x0c20  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:44:28.0819 0x0c20  1394ohci - ok
18:44:28.0897 0x0c20  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:44:28.0897 0x0c20  ACPI - ok
18:44:28.0928 0x0c20  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:44:28.0928 0x0c20  AcpiPmi - ok
18:44:29.0084 0x0c20  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:44:29.0084 0x0c20  AdobeARMservice - ok
18:44:29.0147 0x0c20  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:44:29.0162 0x0c20  adp94xx - ok
18:44:29.0209 0x0c20  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:44:29.0225 0x0c20  adpahci - ok
18:44:29.0256 0x0c20  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:44:29.0256 0x0c20  adpu320 - ok
18:44:29.0303 0x0c20  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:44:29.0303 0x0c20  AeLookupSvc - ok
18:44:29.0365 0x0c20  [ 65F8D71074FCE72B6C491F63535FEDC6, D5EF748DA71AC0EC88E0D33A753FF215CAD42ECEE1263D9FAEA6D059059DE260 ] AF9035BDA       C:\Windows\system32\DRIVERS\AF15BDA.sys
18:44:29.0381 0x0c20  AF9035BDA - ok
18:44:29.0443 0x0c20  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:44:29.0568 0x0c20  AFD - ok
18:44:29.0615 0x0c20  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:44:29.0615 0x0c20  agp440 - ok
18:44:29.0646 0x0c20  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:44:29.0646 0x0c20  ALG - ok
18:44:29.0708 0x0c20  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:44:29.0708 0x0c20  aliide - ok
18:44:29.0755 0x0c20  [ 3D90CF67DB75823A8480E56BBCD2E028, 775D58B99ACA606D434713BC00132D43061C37CFEEAECD194FCFDF45792944A3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:44:29.0755 0x0c20  AMD External Events Utility - ok
18:44:29.0802 0x0c20  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:44:29.0802 0x0c20  amdide - ok
18:44:29.0833 0x0c20  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:44:29.0833 0x0c20  AmdK8 - ok
18:44:30.0098 0x0c20  [ 52679612D742BF74CA1BA6AB86DDF431, 9D7A8FA8952519AD83CD36038F85B958BC97D1A25596EDC01CA1F6DD45DB542A ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
18:44:30.0473 0x0c20  amdkmdag - ok
18:44:30.0520 0x0c20  [ 414E0788920A8C856032BE2CBF29F984, 2DD027ADA24C871167C80A2F5C5ED5CB3AEA1E3A4E8C5FD352FA82C33B24479B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:44:30.0520 0x0c20  amdkmdap - ok
18:44:30.0551 0x0c20  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:44:30.0551 0x0c20  AmdPPM - ok
18:44:30.0598 0x0c20  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:44:30.0598 0x0c20  amdsata - ok
18:44:30.0613 0x0c20  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:44:30.0629 0x0c20  amdsbs - ok
18:44:30.0660 0x0c20  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:44:30.0676 0x0c20  amdxata - ok
18:44:30.0707 0x0c20  [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
18:44:30.0707 0x0c20  AmUStor - ok
18:44:30.0754 0x0c20  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:44:30.0754 0x0c20  AppID - ok
18:44:30.0785 0x0c20  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:44:30.0785 0x0c20  AppIDSvc - ok
18:44:30.0847 0x0c20  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:44:30.0847 0x0c20  Appinfo - ok
18:44:30.0941 0x0c20  [ F401929EE0CC92BFE7F15161CA535383, 61E1C0630B8BBC65C51121D5DC7F095C59B475F39BB7B0DC68133EF7D9D0A29D ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:44:30.0941 0x0c20  Apple Mobile Device - ok
18:44:30.0972 0x0c20  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:44:30.0972 0x0c20  arc - ok
18:44:30.0988 0x0c20  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:44:30.0988 0x0c20  arcsas - ok
18:44:31.0112 0x0c20  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:44:31.0144 0x0c20  aspnet_state - ok
18:44:31.0175 0x0c20  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:44:31.0175 0x0c20  AsyncMac - ok
18:44:31.0206 0x0c20  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:44:31.0206 0x0c20  atapi - ok
18:44:31.0331 0x0c20  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:44:31.0378 0x0c20  athr - ok
18:44:31.0424 0x0c20  [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
18:44:31.0424 0x0c20  AtiHdmiService - ok
18:44:31.0471 0x0c20  [ 4AEF9EC86818375495FB78CA58DF4E18, 0565888F798FAB86091E7A7D8E1D583DF3CC5756A12ACF04987C67C14E360DFB ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
18:44:31.0487 0x0c20  atksgt - ok
18:44:31.0549 0x0c20  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:44:31.0565 0x0c20  AudioEndpointBuilder - ok
18:44:31.0580 0x0c20  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:44:31.0596 0x0c20  AudioSrv - ok
18:44:31.0658 0x0c20  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:44:31.0658 0x0c20  AxInstSV - ok
18:44:43.0920 0x0c20  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:44:43.0920 0x0c20  MSTEE - ok
18:44:43.0936 0x0c20  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:44:43.0936 0x0c20  MTConfig - ok
18:44:43.0951 0x0c20  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:44:43.0951 0x0c20  Mup - ok
18:44:44.0014 0x0c20  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:44:44.0029 0x0c20  napagent - ok
18:44:44.0092 0x0d3c  Object send P2P result: true
18:44:44.0123 0x0c20  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:44:44.0123 0x0c20  NativeWifiP - ok
18:44:44.0232 0x0c20  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:44:44.0279 0x0c20  NDIS - ok
18:44:44.0310 0x0c20  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:44:44.0326 0x0c20  NdisCap - ok
18:44:44.0357 0x0c20  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:44:44.0357 0x0c20  NdisTapi - ok
18:44:44.0450 0x0c20  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:44:44.0450 0x0c20  Ndisuio - ok
18:44:44.0497 0x0c20  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:44:44.0513 0x0c20  NdisWan - ok
18:44:44.0544 0x0c20  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:44:44.0544 0x0c20  NDProxy - ok
18:44:44.0606 0x0c20  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:44:44.0606 0x0c20  NetBIOS - ok
18:44:44.0653 0x0c20  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:44:44.0669 0x0c20  NetBT - ok
18:44:44.0918 0x0c20  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
18:44:44.0918 0x0c20  Netlogon - ok
18:44:44.0965 0x0c20  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:44:44.0981 0x0c20  Netman - ok
18:44:45.0043 0x0c20  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:45.0090 0x0c20  NetMsmqActivator - ok
18:44:45.0121 0x0c20  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:45.0121 0x0c20  NetPipeActivator - ok
18:44:45.0152 0x0c20  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:44:45.0168 0x0c20  netprofm - ok
18:44:45.0199 0x0c20  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:45.0215 0x0c20  NetTcpActivator - ok
18:44:45.0215 0x0c20  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:45.0215 0x0c20  NetTcpPortSharing - ok
18:44:45.0262 0x0c20  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:44:45.0262 0x0c20  nfrd960 - ok
18:44:45.0308 0x0c20  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:44:45.0324 0x0c20  NlaSvc - ok
18:44:45.0340 0x0c20  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:44:45.0340 0x0c20  Npfs - ok
18:44:45.0355 0x0c20  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:44:45.0355 0x0c20  nsi - ok
18:44:45.0371 0x0c20  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:44:45.0371 0x0c20  nsiproxy - ok
18:44:45.0464 0x0c20  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:44:45.0511 0x0c20  Ntfs - ok
18:44:45.0527 0x0c20  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:44:45.0527 0x0c20  Null - ok
18:44:45.0605 0x0c20  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:44:45.0605 0x0c20  nvraid - ok
18:44:45.0652 0x0c20  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:44:45.0667 0x0c20  nvstor - ok
18:44:45.0698 0x0c20  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:44:45.0698 0x0c20  nv_agp - ok
18:44:45.0745 0x0c20  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:44:45.0761 0x0c20  ohci1394 - ok
18:44:45.0901 0x0c20  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:44:45.0932 0x0c20  ose64 - ok
18:44:46.0229 0x0c20  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:44:46.0666 0x0c20  osppsvc - ok
18:44:46.0744 0x0c20  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:44:46.0744 0x0c20  p2pimsvc - ok
18:44:46.0775 0x0c20  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:44:46.0775 0x0c20  p2psvc - ok
18:44:46.0806 0x0c20  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:44:46.0806 0x0c20  Parport - ok
18:44:46.0868 0x0c20  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:44:46.0868 0x0c20  partmgr - ok
18:44:46.0884 0x0c20  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:44:46.0884 0x0c20  PcaSvc - ok
18:44:46.0931 0x0c20  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:44:46.0946 0x0c20  pci - ok
18:44:46.0993 0x0c20  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:44:46.0993 0x0c20  pciide - ok
18:44:47.0024 0x0c20  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:44:47.0040 0x0c20  pcmcia - ok
18:44:47.0071 0x0c20  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:44:47.0071 0x0c20  pcw - ok
18:44:47.0102 0x0c20  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:44:47.0118 0x0c20  PEAUTH - ok
18:44:47.0212 0x0c20  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:44:47.0212 0x0c20  PerfHost - ok
18:44:47.0321 0x0c20  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:44:47.0368 0x0c20  pla - ok
18:44:47.0414 0x0c20  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:44:47.0414 0x0c20  PlugPlay - ok
18:44:47.0430 0x0c20  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:44:47.0430 0x0c20  PNRPAutoReg - ok
18:44:47.0461 0x0c20  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:44:47.0461 0x0c20  PNRPsvc - ok
18:44:47.0539 0x0c20  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:44:47.0555 0x0c20  PolicyAgent - ok
18:44:47.0586 0x0c20  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:44:47.0602 0x0c20  Power - ok
18:44:47.0617 0x0c20  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:44:47.0617 0x0c20  PptpMiniport - ok
18:44:47.0648 0x0c20  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:44:47.0664 0x0c20  Processor - ok
18:44:47.0711 0x0c20  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:44:47.0711 0x0c20  ProfSvc - ok
18:44:47.0726 0x0c20  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:44:47.0726 0x0c20  ProtectedStorage - ok
18:44:47.0774 0x0c20  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:44:47.0774 0x0c20  Psched - ok
18:44:47.0852 0x0c20  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:44:47.0899 0x0c20  ql2300 - ok
18:44:47.0946 0x0c20  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:44:47.0961 0x0c20  ql40xx - ok
18:44:48.0008 0x0c20  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:44:48.0008 0x0c20  QWAVE - ok
18:44:48.0039 0x0c20  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:44:48.0039 0x0c20  QWAVEdrv - ok
18:44:48.0055 0x0c20  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:44:48.0055 0x0c20  RasAcd - ok
18:44:48.0086 0x0c20  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:44:48.0086 0x0c20  RasAgileVpn - ok
18:44:48.0117 0x0c20  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:44:48.0133 0x0c20  RasAuto - ok
18:44:48.0164 0x0c20  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:44:48.0164 0x0c20  Rasl2tp - ok
18:44:48.0273 0x0c20  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:44:48.0383 0x0c20  RasMan - ok
18:44:48.0414 0x0c20  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:44:48.0414 0x0c20  RasPppoe - ok
18:44:48.0429 0x0c20  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:44:48.0429 0x0c20  RasSstp - ok
18:44:48.0476 0x0c20  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:44:48.0476 0x0c20  rdbss - ok
18:44:48.0492 0x0c20  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:44:48.0492 0x0c20  rdpbus - ok
18:44:48.0507 0x0c20  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:44:48.0507 0x0c20  RDPCDD - ok
18:44:48.0523 0x0c20  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:44:48.0523 0x0c20  RDPENCDD - ok
18:44:48.0539 0x0c20  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:44:48.0539 0x0c20  RDPREFMP - ok
18:44:48.0601 0x0c20  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:44:48.0601 0x0c20  RDPWD - ok
18:44:48.0663 0x0c20  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:44:48.0695 0x0c20  rdyboost - ok
18:44:48.0726 0x0c20  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:44:48.0726 0x0c20  RemoteAccess - ok
18:44:48.0741 0x0c20  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:44:48.0757 0x0c20  RemoteRegistry - ok
18:44:48.0773 0x0c20  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:44:48.0773 0x0c20  RpcEptMapper - ok
18:44:48.0773 0x0c20  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:44:48.0773 0x0c20  RpcLocator - ok
18:44:48.0851 0x0c20  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:44:48.0851 0x0c20  RpcSs - ok
18:44:48.0882 0x0c20  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:44:48.0882 0x0c20  rspndr - ok
18:44:48.0897 0x0c20  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
18:44:48.0897 0x0c20  SamSs - ok
18:44:48.0929 0x0c20  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:44:48.0944 0x0c20  sbp2port - ok
18:44:48.0975 0x0c20  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:44:48.0975 0x0c20  SCardSvr - ok
18:44:49.0022 0x0c20  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:44:49.0022 0x0c20  scfilter - ok
18:44:49.0100 0x0c20  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:44:49.0131 0x0c20  Schedule - ok
18:44:49.0163 0x0c20  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:44:49.0178 0x0c20  SCPolicySvc - ok
18:44:49.0287 0x0c20  [ D9CEBA132B17622C4349AF510348EE3E, 52C02367374467F10EE620924B1E47DD50159DA8EA61683F9742EA6704A501CB ] SDHookDriver    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys
18:44:49.0287 0x0c20  SDHookDriver - ok
18:44:49.0350 0x0c20  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:44:49.0350 0x0c20  SDRSVC - ok
18:44:49.0537 0x0c20  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
18:44:49.0631 0x0c20  SDScannerService - ok
18:44:49.0849 0x0c20  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:44:50.0145 0x0c20  SDUpdateService - ok
18:44:50.0208 0x0c20  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:44:50.0223 0x0c20  SDWSCService - ok
18:44:50.0239 0x0c20  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:44:50.0239 0x0c20  secdrv - ok
18:44:50.0286 0x0c20  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:44:50.0301 0x0c20  seclogon - ok
18:44:50.0333 0x0c20  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:44:50.0348 0x0c20  SENS - ok
18:44:50.0379 0x0c20  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:44:50.0411 0x0c20  SensrSvc - ok
18:44:50.0473 0x0c20  [ 255476B54C82A89416EFDF09FD62F107, 000A6F7F15177A08ED4E22DB1C06F9FF0F8D324541A3E7AF7F35123D9CA4122D ] Sentinel64      C:\Windows\System32\Drivers\Sentinel64.sys
18:44:50.0489 0x0c20  Sentinel64 - ok
18:44:50.0535 0x0c20  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:44:50.0551 0x0c20  Serenum - ok
18:44:50.0582 0x0c20  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:44:50.0598 0x0c20  Serial - ok
18:44:50.0645 0x0c20  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:44:50.0645 0x0c20  sermouse - ok
18:44:50.0691 0x0c20  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:44:50.0707 0x0c20  SessionEnv - ok
18:44:50.0754 0x0c20  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:44:50.0754 0x0c20  sffdisk - ok
18:44:50.0769 0x0c20  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:44:50.0769 0x0c20  sffp_mmc - ok
18:44:50.0785 0x0c20  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:44:50.0785 0x0c20  sffp_sd - ok
18:44:50.0785 0x0c20  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:44:50.0785 0x0c20  sfloppy - ok
18:44:50.0832 0x0c20  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:44:50.0941 0x0c20  SharedAccess - ok
18:44:50.0988 0x0c20  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:44:51.0003 0x0c20  ShellHWDetection - ok
18:44:51.0019 0x0c20  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:44:51.0019 0x0c20  SiSRaid2 - ok
18:44:51.0050 0x0c20  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:44:51.0050 0x0c20  SiSRaid4 - ok
18:44:51.0191 0x0c20  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:44:51.0206 0x0c20  SkypeUpdate - ok
18:44:51.0237 0x0c20  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:44:51.0253 0x0c20  Smb - ok
18:44:51.0300 0x0c20  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:44:51.0300 0x0c20  SNMPTRAP - ok
18:44:51.0425 0x0c20  [ 4945020BC094C322571184A6E8056B3A, 9E09257411F7C3631537D0198E0E64CDD1A697D80430F6379139B15A2BA8A6C9 ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
18:44:51.0425 0x0c20  SolidWorks Licensing Service - ok
18:44:51.0471 0x0c20  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:44:51.0487 0x0c20  spldr - ok
18:44:51.0596 0x0c20  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:44:51.0612 0x0c20  Spooler - ok
18:44:51.0815 0x0c20  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:44:51.0908 0x0c20  sppsvc - ok
18:44:51.0939 0x0c20  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:44:51.0939 0x0c20  sppuinotify - ok
18:44:51.0986 0x0c20  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:44:52.0002 0x0c20  srv - ok
18:44:52.0017 0x0c20  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:44:52.0033 0x0c20  srv2 - ok
18:44:52.0064 0x0c20  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:44:52.0064 0x0c20  srvnet - ok
18:44:52.0095 0x0c20  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:44:52.0095 0x0c20  SSDPSRV - ok
18:44:52.0095 0x0c20  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:44:52.0111 0x0c20  SstpSvc - ok
18:44:52.0142 0x0c20  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:44:52.0142 0x0c20  stexstor - ok
18:44:52.0251 0x0c20  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:44:52.0283 0x0c20  stisvc - ok
18:44:52.0314 0x0c20  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:44:52.0314 0x0c20  swenum - ok
18:44:52.0392 0x0c20  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:44:52.0407 0x0c20  swprv - ok
18:44:52.0470 0x0c20  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:44:52.0470 0x0c20  SynTP - ok
18:44:52.0844 0x0c20  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:44:52.0891 0x0c20  SysMain - ok
18:44:52.0938 0x0c20  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:44:52.0938 0x0c20  TabletInputService - ok
18:44:53.0000 0x0c20  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:44:53.0000 0x0c20  TapiSrv - ok
18:44:53.0016 0x0c20  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:44:53.0031 0x0c20  TBS - ok
18:44:58.0866 0x0c20  ================ Scan global ===============================
18:44:58.0897 0x0c20  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:44:58.0944 0x0c20  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:44:58.0959 0x0c20  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:44:58.0991 0x0c20  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:44:59.0037 0x0c20  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:44:59.0037 0x0c20  [ Global ] - ok
18:44:59.0037 0x0c20  ================ Scan MBR ==================================
18:44:59.0053 0x0c20  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:44:59.0225 0x0c20  \Device\Harddisk0\DR0 - ok
18:44:59.0225 0x0c20  ================ Scan VBR ==================================
18:44:59.0225 0x0c20  [ AE11EAF46C2DB25EA843C8A9B22D2C6F ] \Device\Harddisk0\DR0\Partition1
18:44:59.0225 0x0c20  \Device\Harddisk0\DR0\Partition1 - ok
18:44:59.0240 0x0c20  [ 9BCBA138158CB02F8549D7D8565A56C3 ] \Device\Harddisk0\DR0\Partition2
18:44:59.0240 0x0c20  \Device\Harddisk0\DR0\Partition2 - ok
18:44:59.0240 0x0c20  ================ Scan generic autorun ======================
18:44:59.0927 0x0c20  [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:45:00.0597 0x0c20  RtHDVCpl - ok
18:45:00.0613 0x0c20  SynTPEnh - ok
18:45:00.0660 0x0c20  [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
18:45:00.0691 0x0c20  Acer ePower Management - ok
18:45:00.0738 0x0c20  [ 77AC8322178FB8F3117CDD3B6DC6E126, 2786198EE920D7788FA0DE376231D4E42AB68F6D5A1E87FAC1F3D7424D1ED493 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:45:00.0738 0x0c20  StartCCC - ok
18:45:00.0894 0x0c20  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
18:45:01.0112 0x0c20  SDTray - ok
18:45:01.0190 0x0c20  [ 4E95B1FDDC9E51678BFA2A723EAA94EF, B52F87C61486E9E1321048C50982A85A693CC08E2B1584B497CA9D0D2428BBE8 ] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
18:45:01.0206 0x0c20  AgentMonitor - ok
18:45:01.0299 0x0c20  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:45:01.0331 0x0c20  Sidebar - ok
18:45:01.0362 0x0c20  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:45:01.0377 0x0c20  mctadmin - ok
18:45:01.0424 0x0c20  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:45:01.0455 0x0c20  Sidebar - ok
18:45:01.0471 0x0c20  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:45:01.0471 0x0c20  mctadmin - ok
18:45:01.0580 0x0c20  [ 71BF080E5E659B8812851E1E243ED1BE, FA824DD274B781667FA2683DBDBB19B83C37198EB9C337B1AB8B5314657330D9 ] C:\Users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe
18:45:01.0580 0x0c20  plenty-row - ok
18:45:01.0627 0x0c20  lesson-guide - ok
18:45:01.0658 0x0c20  [ B74D20DAA2B383B7E065146E7ECBE47F, 3BA26F4848CFE19F482C68530FA0C82CE89FE238CC1DBA1A331D331987668EED ] C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe
18:45:01.0674 0x0c20  body-lesson - ok
18:45:01.0689 0x0c20  box-scratch - ok
18:45:01.0689 0x0c20  tooth-reflect - ok
18:45:01.0877 0x0c20  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
18:45:02.0079 0x0c20  Spybot-S&D Cleaning - ok
18:45:02.0111 0x0c20  zhlzhwhw - ok
18:45:02.0142 0x0c20  [ 9BF30D6BB29F69E909444DA055D4FD5F, 0F3616344D6C902C5986B12D0129E45AECDC79EEB824E3ED7F6B43E26D3DED12 ] C:\Users\R\AppData\Roaming\Gradeshower\gradeexperience.exe
18:45:02.0142 0x0c20  grade-collect - ok
18:45:02.0173 0x0c20  [ 25E3599280A9DDEA75525CF1FB74E692, FA3816E1AD3A8B9DB8546CAEBA52542F4104FFC55BC52BAA0655347361BD4582 ] C:\Users\R\AppData\Local\Stringdetermine\string-change.exe
18:45:02.0173 0x0c20  string-iron - ok
18:45:21.0954 0x0c20  AV detected via SS2: Spybot - Search and Destroy, C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe ( 2.3.39.0 ), 0x61000 ( enabled : updated )
18:45:22.0453 0x0c20  Win FW state via NFP2: enabled
18:45:26.0197 0x0c20  ============================================================
18:45:26.0197 0x0c20  Scan finished
18:45:26.0197 0x0c20  ============================================================
18:45:26.0213 0x0c18  Detected object count: 0
18:45:26.0213 0x0c18  Actual detected object count: 0
         

08.02.2015, 11:21   #8
schrauber
/// the machine
/// TB trainer
 


hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.02.2015, 19:32   #9
Steve71037
 



hello schrauber, here is the log file from combofix:
Code:
ATTFilter
ComboFix 15-02-08.01 - R 08.02.2015  19:06:53.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3956.2727 [GMT 1:00]
ausgeführt von:: c:\users\R\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\R\AppData\Roaming\stowings.a
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-08 bis 2015-02-08  ))))))))))))))))))))))))))))))
.
.
2015-02-08 18:12 . 2015-02-08 18:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-07 17:40 . 2015-02-07 17:40	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-02-07 17:39 . 2015-02-07 17:39	--------	d--h--w-	c:\users\R\AppData\Roaming\Gradeshower
2015-02-07 14:01 . 2015-02-07 14:01	--------	d--h--w-	c:\users\R\AppData\Local\Stringdetermine
2015-02-07 13:40 . 2015-02-07 17:41	--------	d--h--w-	c:\users\R\AppData\Roaming\Syfdhbfin
2015-02-06 18:08 . 2015-02-06 18:08	--------	d--h--w-	c:\users\R\AppData\Roaming\Gradebone
2015-02-06 18:02 . 2015-02-07 17:41	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-06 17:55 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D9EF2A6-A3DA-489B-A849-301D9137E803}\mpengine.dll
2015-02-03 12:12 . 2015-02-07 17:41	--------	d--h--w-	c:\users\R\AppData\Roaming\Toothfinance
2015-02-02 01:25 . 2015-02-07 17:41	--------	d--h--w-	c:\users\R\AppData\Local\Boxlack
2015-02-01 19:12 . 2015-02-03 12:33	--------	d--h--w-	c:\users\R\AppData\Roaming\Azqo
2015-02-01 18:41 . 2015-02-01 18:41	--------	d--h--w-	c:\users\R\AppData\Roaming\Plenty-lock
2015-01-31 06:40 . 2015-01-31 06:46	--------	d-----w-	C:\FRST
2015-01-29 22:50 . 2015-01-29 22:50	--------	d--h--w-	c:\users\R\AppData\Roaming\Body-surprised
2015-01-29 22:48 . 2015-02-01 19:12	--------	d--h--w-	c:\users\R\AppData\Roaming\Ykcwbkgryi
2015-01-29 04:39 . 2015-01-29 22:48	--------	d--h--w-	c:\users\R\AppData\Local\Ipvqn
2015-01-24 13:05 . 2015-01-26 07:19	--------	d--h--w-	c:\users\R\AppData\Roaming\Yjiaex
2015-01-23 12:16 . 2015-01-28 14:53	--------	d--h--w-	c:\users\R\AppData\Local\Stringdig
2015-01-17 18:29 . 2015-01-23 13:07	--------	d--h--w-	c:\users\R\AppData\Roaming\Kvcnmxphf
2015-01-17 18:25 . 2015-01-17 18:25	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-01-15 07:51 . 2014-12-11 17:47	52736	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-01-15 07:51 . 2014-12-19 03:06	210432	----a-w-	c:\windows\system32\profsvc.dll
2015-01-15 07:51 . 2014-12-06 04:17	303616	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-15 07:51 . 2014-12-06 03:50	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-15 07:51 . 2014-12-06 03:50	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-15 07:51 . 2014-12-19 01:46	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-15 07:50 . 2014-12-12 05:35	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-15 07:50 . 2014-12-12 05:11	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-15 07:50 . 2014-12-12 05:31	503808	----a-w-	c:\windows\system32\srcore.dll
2015-01-15 07:50 . 2014-12-12 05:31	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-15 07:50 . 2014-12-12 05:31	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-15 07:50 . 2014-12-12 05:11	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-15 07:50 . 2014-12-12 05:07	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-01-11 06:55 . 2015-02-06 18:29	--------	d-----w-	c:\programdata\vowc
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 14:07 . 2014-10-25 11:56	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-07 14:06 . 2014-10-25 11:55	97496	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-17 18:25 . 2014-10-30 13:45	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-15 07:55 . 2011-08-12 20:36	113365784	----a-w-	c:\windows\system32\MRT.exe
2015-01-06 03:36 . 2011-04-23 10:46	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 20:12	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 20:12	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-11 21:04	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-11 21:04	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-11 21:04	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-11 21:04	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-11 21:04	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-11 21:04	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-11 21:04	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 21:04	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-11 20:59	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-11 20:59	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-11 20:59	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-11 20:59	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-11 20:59	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-11 20:59	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-11 20:59	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-11 20:59	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-11 20:59	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-11 20:59	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-11 20:59	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-11 20:59	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-11 20:59	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-11 20:59	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-11 20:59	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-11 20:59	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-11 20:59	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-11 20:59	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-11 20:59	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-11 20:59	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-11 20:59	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-11 20:59	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-11 20:59	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-11 20:59	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 20:59	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-11 20:59	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-11 20:59	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-11 20:59	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-11 20:59	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-11 20:59	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-11 20:59	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-11 20:59	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-11 20:59	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 20:59	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-11 20:59	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-11 20:59	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 20:59	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-11 20:59	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-11 20:59	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-11 20:59	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-10-25 11:55	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-10-25 11:55	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-18 19:47 . 2014-11-18 19:47	1691816	----a-w-	c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-11 20:59	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 19:43	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 19:43	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-11 20:59	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 19:43	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 19:43	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-11 20:59	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:19	1729744	----a-w-	c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plenty-row"="c:\users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe" [2015-02-01 152576]
"body-lesson"="c:\users\R\AppData\Roaming\Body-surprised\body-invest.exe" [2015-02-03 233472]
"grade-collect"="c:\users\R\AppData\Roaming\Gradeshower\gradeexperience.exe" [2015-02-07 83968]
"string-iron"="c:\users\R\AppData\Local\Stringdetermine\string-change.exe" [2015-02-07 180224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2014-06-20 401280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe\0bddel.exe
.
R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VmodeNT;VmodeNT; [x]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF15BDA.sys;c:\windows\SYSNATIVE\DRIVERS\AF15BDA.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 VTechUSBSocketService;VTechUSBSocketService;c:\program files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe;c:\program files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 16:17	2334928	----a-w-	c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:8080
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-box-scratch - c:\users\R\AppData\Local\Boxlack\boxbat.exe
Wow6432Node-HKCU-Run-tooth-reflect - c:\users\R\AppData\Roaming\Toothfinance\tooth-phrase.exe
Wow6432Node-HKCU-Run-zhlzhwhw - c:\users\R\AppData\Roaming\Syfdhbfin\jijedhwhw.exe
SafeBoot-13652440.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SYMplus  Drehen  deu - c:\windows\IsUn0407.exe
AddRemove-SYMplus  Fräsen  deu - c:\windows\IsUn0407.exe
AddRemove-SYMplus Drehen deu - c:\windows\IsUn0407.exe
AddRemove-SYMplus Fräsen deu - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-08  19:15:21
ComboFix-quarantined-files.txt  2015-02-08 18:15
.
Vor Suchlauf: 17 Verzeichnis(se), 310.318.538.752 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 309.918.134.272 Bytes frei
.
- - End Of File - - 024FE320D1A8DE5995F0606B201EB685
         

Alt 09.02.2015, 06:43   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 10.02.2015, 19:50   #11
Steve71037
 



Hello schrauber, here are my results:
mbam:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.02.2015
Suchlauf-Zeit: 18:57:17
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.10.10
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: R

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357798
Verstrichene Zeit: 18 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.SurferSafe.C, HKU\S-1-5-21-1667074292-2624200287-3336342126-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Safer-Surf, In Quarantäne, [d4feb567602ae74f7ac7ef257392e719], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
ADWCleaner:
Code:
# AdwCleaner v4.110 - Bericht erstellt 10/02/2015 um 19:31:14
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : R - R-PC
# Gestarted von : C:\Users\R\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\4badf4bdd46cf81e
Ordner Gelöscht : C:\UseRs\R\AppData\Local\DownloadManager

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\calcitapp.info
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mozilla-firefox.softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.calcitapp.info
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)

[C:\UseRs\R\AppData\Roaming\Mozilla\FiRefox\PRofiles\2t5bz360.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.H6aTLVuTQT.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]
[C:\UseRs\R\AppData\Roaming\Mozilla\FiRefox\PRofiles\2t5bz360.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.aNZW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.ne[...]
[C:\UseRs\R\AppData\Roaming\Mozilla\FiRefox\PRofiles\2t5bz360.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.vnMeLLIx.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorob[...]

*************************

AdwCleaner[R0].txt - [2545 Bytes] - [10/02/2015 19:27:32]
AdwCleaner[S0].txt - [2482 Bytes] - [10/02/2015 19:31:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2541  Bytes] ##########
         
JRTexe:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by R on 10.02.2015 at 19:36:09,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.02.2015 at 19:39:55,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by R (administrator) on R-PC on 10-02-2015 19:45:05
Running from C:\Users\R\Desktop\Trojaner
Loaded Profiles: R (Available profiles: R)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
() C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe
(VTech) C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechUSBSocketService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\xcopy.exe
(Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runonce.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\reg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\sfc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AgentMonitor] => C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [401280 2014-06-20] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [plenty-row] => C:\Users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe [152576 2015-02-01] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-02-03] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [grade-collect] => C:\Users\R\AppData\Roaming\Gradeshower\gradeexperience.exe [83968 2015-02-07] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [string-iron] => C:\Users\R\AppData\Local\Stringdetermine\string-change.exe [180224 2015-02-07] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [lesson-guide] => C:\Users\R\AppData\Roaming\Lesson-row\lesson-approach.exe [83456 2015-02-08] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [center_of_mass] => C:\Program Files\Microsoft Games\Pinball\cold_cathode_fluoresce\fraunhofer_lines.exe [388608 2014-12-30] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [box-scratch] => C:\Users\R\AppData\Roaming\Box_impress\box_disagree.exe [69632 2015-02-10] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [string-iron] => C:\Users\R\AppData\Local\Stringdetermine\string-change.exe [180224 2015-02-07] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [plenty-row] => C:\Users\R\AppData\Roaming\Plenty-lock\plenty-arm.exe [152576 2015-02-01] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [grade-collect] => C:\Users\R\AppData\Roaming\Gradeshower\gradeexperience.exe [83968 2015-02-07] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [body-lesson] => C:\Users\R\AppData\Roaming\Body-surprised\body-invest.exe [233472 2015-02-03] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [lesson-guide] => C:\Users\R\AppData\Roaming\Lesson-row\lesson-approach.exe [83456 2015-02-08] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [box-scratch] => C:\Users\R\AppData\Roaming\Box_impress\box_disagree.exe [69632 2015-02-10] ()
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1667074292-2624200287-3336342126-1000 -> {3384522D-3201-4969-9DEC-57B0BA01B6A6} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12]
FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-05]
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\extensions\cliqz@cliqz.com

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-19] (SolidWorks) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 VTechUSBSocketService; C:\Program Files (x86)\VTech\DownloadManager\Applications\AppAccessory\12051\VTechUSBSocketService\VTechServiceInstaller.exe [82824 2013-03-29] (VTech)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech                  )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2011-12-08] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-27] (Emsisoft GmbH)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2011-12-08] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S2 VmodeNT; C:\Windows\SysWow64\Drivers\VmodeNT.sys [2528 1998-01-21] (k&k)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 19:39 - 2015-02-10 19:40 - 00000755 _____ () C:\Users\R\Desktop\JRT.txt
2015-02-10 19:33 - 2015-02-10 19:33 - 00002621 _____ () C:\Users\R\Desktop\AdwCleaner[S0].txt
2015-02-10 19:26 - 2015-02-10 19:31 - 00000000 ____D () C:\AdwCleaner
2015-02-10 19:25 - 2015-02-10 19:25 - 00001375 _____ () C:\Users\R\Desktop\mbam.txt
2015-02-10 19:12 - 2015-02-10 19:12 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Box_impress
2015-02-10 18:56 - 2015-02-10 18:56 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-10 18:53 - 2015-02-10 18:54 - 02112512 _____ () C:\Users\R\Desktop\AdwCleaner_4.110.exe
2015-02-10 18:53 - 2015-02-10 18:53 - 01388274 _____ (Thisisu) C:\Users\R\Desktop\JRT.exe
2015-02-10 18:52 - 2015-02-10 18:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\R\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 19:30 - 2015-02-08 19:30 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Lesson-row
2015-02-08 19:15 - 2015-02-08 19:15 - 00020346 _____ () C:\ComboFix.txt
2015-02-08 18:50 - 2015-02-08 19:15 - 00000000 ____D () C:\Qoobox
2015-02-08 18:50 - 2015-02-08 19:13 - 00000000 ____D () C:\Windows\erdnt
2015-02-08 18:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-08 18:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-08 18:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-08 18:45 - 2015-02-08 18:46 - 05609947 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2015-02-07 18:40 - 2015-02-07 18:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-07 18:39 - 2015-02-07 18:39 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Gradeshower
2015-02-07 17:40 - 2015-02-07 17:40 - 00000000 ____D () C:\Users\R\Desktop\log
2015-02-07 15:01 - 2015-02-07 15:01 - 00000000 ___HD () C:\Users\R\AppData\Local\Stringdetermine
2015-02-07 14:40 - 2015-02-07 18:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Syfdhbfin
2015-02-06 19:46 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150206-194620.backup
2015-02-06 19:08 - 2015-02-06 19:08 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Gradebone
2015-02-06 19:02 - 2015-02-07 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 18:59 - 2015-02-07 15:43 - 00000000 ____D () C:\Users\R\Desktop\mbar
2015-02-06 18:56 - 2015-02-06 18:58 - 16466552 _____ (Malwarebytes Corp.) C:\Users\R\Desktop\mbar-1.08.3.1004.exe
2015-02-06 18:56 - 2015-02-06 18:57 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\R\Desktop\tdsskiller.exe
2015-02-03 13:12 - 2015-02-07 18:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Toothfinance
2015-02-02 02:25 - 2015-02-07 18:41 - 00000000 ___HD () C:\Users\R\AppData\Local\Boxlack
2015-02-01 20:12 - 2015-02-03 13:33 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Azqo
2015-02-01 19:41 - 2015-02-01 19:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Plenty-lock
2015-02-01 19:40 - 2015-02-10 19:43 - 00000008 _____ () C:\Windows\K
2015-01-31 08:06 - 2015-01-31 08:06 - 00274776 _____ () C:\Windows\Minidump\013115-21886-01.dmp
2015-01-31 07:40 - 2015-02-10 19:45 - 00000000 ____D () C:\FRST
2015-01-31 07:35 - 2015-01-31 07:35 - 00000000 _____ () C:\Users\R\defogger_reenable
2015-01-31 07:31 - 2015-02-10 19:45 - 00000000 ____D () C:\Users\R\Desktop\Trojaner
2015-01-29 23:50 - 2015-01-29 23:50 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Body-surprised
2015-01-29 23:48 - 2015-02-01 20:12 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Ykcwbkgryi
2015-01-29 05:39 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Local\Ipvqn
2015-01-27 08:18 - 2015-01-27 08:18 - 00000017 _____ () C:\Windows\㨀尀ؚ
2015-01-27 08:17 - 2015-01-27 08:17 - 00000030 _____ () C:\Windows\㨀尀̞
2015-01-26 20:56 - 2015-01-29 22:50 - 00000234 _____ () C:\Windows\[]
2015-01-26 20:50 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 20:29 - 2015-01-26 20:31 - 00000011 _____ () C:\Windows\㨀尀Í
2015-01-26 08:19 - 2015-01-27 08:17 - 00000035 _____ () C:\Windows\䉯䍊整䥅卋牖橒灦桴
2015-01-26 08:19 - 2015-01-27 08:17 - 00000031 _____ () C:\Windows\噓割晪瑰h氀牁桎
2015-01-26 08:19 - 2015-01-27 08:17 - 00000022 _____ () C:\Windows\䤀卋牖橒灦桴
2015-01-26 08:13 - 2015-01-26 08:13 - 00000017 _____ () C:\Windows\㨀尀ĕ
2015-01-25 19:18 - 2015-01-25 19:18 - 00000013 _____ () C:\Windows\㨀尀ت
2015-01-25 07:40 - 2015-01-25 07:40 - 00000017 _____ () C:\Windows\㨀尀ǹ
2015-01-25 07:39 - 2015-01-25 07:39 - 00000030 _____ () C:\Windows\㨀尀ԓ
2015-01-24 19:53 - 2015-01-24 19:53 - 00000011 _____ () C:\Windows\㨀尀Ó
2015-01-24 19:51 - 2015-01-24 19:52 - 00000011 _____ () C:\Windows\㨀尀Î
2015-01-24 14:05 - 2015-01-26 08:19 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Yjiaex
2015-01-24 13:56 - 2015-01-29 22:01 - 00000010 _____ () C:\Windows\礀䕳
2015-01-24 13:35 - 2015-01-24 13:35 - 00000013 _____ () C:\Windows\ÿÿ
2015-01-24 13:31 - 2015-01-24 13:31 - 00000015 _____ () C:\Windows\㨀尀IJ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀ͪ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀̮
2015-01-23 20:38 - 2015-01-23 20:38 - 00000015 _____ () C:\Windows\㨀尀Դ
2015-01-23 20:37 - 2015-01-26 08:12 - 00000082 _____ () C:\Windows\㨀尀̠
2015-01-23 19:35 - 2015-01-23 19:35 - 00000017 _____ () C:\Windows\㨀尀մ
2015-01-23 19:34 - 2015-01-23 19:34 - 00000017 _____ () C:\Windows\㨀尀֫
2015-01-23 19:33 - 2015-01-23 19:33 - 00000017 _____ () C:\Windows\㨀尀֢
2015-01-23 13:16 - 2015-01-28 15:53 - 00000000 ___HD () C:\Users\R\AppData\Local\Stringdig
2015-01-23 13:15 - 2015-01-23 13:16 - 00000030 _____ () C:\Windows\㨀尀˳
2015-01-21 21:42 - 2015-01-23 19:38 - 00000000 ____D () C:\Users\R\Desktop\Fotobuch 2
2015-01-17 19:29 - 2015-01-23 14:07 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Kvcnmxphf
2015-01-15 08:51 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 08:51 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 08:51 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 08:51 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 08:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 08:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 08:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 08:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 08:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 08:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 08:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-11 07:55 - 2015-02-10 18:52 - 00000000 ____D () C:\ProgramData\vowc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 19:43 - 2012-09-28 15:01 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-10 19:41 - 2014-10-25 10:09 - 00007685 _____ () C:\Windows\setupact.log
2015-02-10 19:41 - 2011-08-08 16:22 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-10 19:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-10 19:40 - 2010-10-18 13:42 - 01170312 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 19:40 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 19:40 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-10 18:57 - 2014-10-25 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 18:56 - 2014-10-25 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-10 18:56 - 2014-10-25 12:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-08 19:25 - 2014-10-25 12:52 - 00123948 _____ () C:\Windows\PFRO.log
2015-02-08 19:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-08 19:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 18:52 - 2014-08-09 10:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-07 15:05 - 2014-11-12 19:45 - 00001456 _____ () C:\Windows\win.ini
2015-02-06 19:44 - 2011-09-10 08:27 - 00000000 ____D () C:\Users\R\AppData\Local\CrashDumps
2015-02-03 15:13 - 2013-03-07 15:25 - 00000000 ____D () C:\ProgramData\tmp
2015-02-03 15:12 - 2012-12-15 16:58 - 00000000 ____D () C:\Users\R\Desktop\Christin
2015-01-31 08:06 - 2011-12-05 16:54 - 484860284 _____ () C:\Windows\MEMORY.DMP
2015-01-31 08:06 - 2011-12-05 16:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-31 07:54 - 2014-08-09 10:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-31 07:35 - 2011-04-22 08:33 - 00000000 ____D () C:\Users\R
2015-01-30 14:51 - 2014-12-13 21:46 - 00000000 ____D () C:\Users\R\Desktop\Nähen Christin
2015-01-28 15:53 - 2014-11-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-01-24 13:30 - 2013-08-27 14:23 - 00344064 ___SH () C:\Users\R\Desktop\Thumbs.db
2015-01-18 03:10 - 2015-01-07 20:47 - 00000000 ___HD () C:\Users\R\AppData\Local\Body-cover
2015-01-18 03:10 - 2014-10-05 19:31 - 00119898 _____ () C:\Windows\SysWOW64\bddel.dat
2015-01-17 19:26 - 2014-10-30 14:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-17 19:26 - 2012-09-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-17 19:25 - 2014-10-30 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 08:59 - 2013-08-15 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 08:55 - 2011-08-12 21:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-01-14 19:26 - 2014-01-14 19:26 - 0000108 _____ () C:\Users\R\AppData\Roaming\WB.CFG
2014-01-14 19:26 - 2014-01-14 19:26 - 0000005 _____ () C:\Users\R\AppData\Roaming\WBPU-TTL.DAT
2011-08-03 09:32 - 2011-08-03 09:32 - 0007602 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2011-12-04 21:25 - 2011-12-12 07:10 - 0000040 ___SH () C:\ProgramData\.zreglib

Some content of TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
C:\Users\R\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-06 21:37

==================== End Of Log ============================
         
--- --- ---

11.02.2015, 07:36   #12
schrauber
/// the machine
/// TB trainer




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

12.02.2015, 17:21   #13
Steve71037



Hello schrauber, I don't have any problems, but somehow Trojans keep being found, see for yourself
ESET:
Code:
ATTFilter
C:\Users\R\Downloads\FFSetup270.exe	Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
C:\Users\R\Downloads\FreemakeAudioConverterSetup.exe	Win32/OpenCandy potenziell unsichere Anwendung	gelöscht - in Quarantäne kopiert
Arbeitsspeicher	Mehrere Bedrohungen
         
Checkup:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

13.02.2015, 06:34   #14
schrauber
/// the machine
/// TB trainer



The fresh FRST log is still missing
__________________
Regards,
schrauber


14.02.2015, 08:02   #15
Steve71037



sorry.

Frst:
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by R (administrator) on R-PC on 14-02-2015 07:25:10
Running from C:\Users\R\Desktop\Trojaner
Loaded Profiles: R (Available profiles: R)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\chkdsk.exe
() C:\Users\R\AppData\Local\Temp\Plenty_involved\plenty-position.exe
(Microsoft Corporation) C:\Windows\SysWOW64\sethc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
(Microsoft Corporation) C:\Windows\SysWOW64\runas.exe
(Microsoft Corporation) C:\Windows\SysWOW64\attrib.exe
(Microsoft Corporation) C:\Windows\SysWOW64\doskey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [plenty-row] => C:\Users\R\AppData\Local\Temp\Plenty_involved\plenty-position.exe [207872 2015-02-12] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [body-lesson] => C:\Users\R\AppData\Roaming\Body-recover\body-pension.exe [70656 2015-02-11] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [grade-collect] => C:\Users\R\AppData\Roaming\Gradeshower\gradeexperience.exe [83968 2015-02-07] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [string-iron] => C:\Users\R\AppData\Local\String-regret\stringexplore.exe [70656 2015-02-12] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [lesson-guide] => C:\Users\R\AppData\Roaming\Lesson-row\lesson-approach.exe [83456 2015-02-08] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [box-scratch] => C:\Users\R\AppData\Roaming\Box_impress\box_disagree.exe [69632 2015-02-10] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [tooth-reflect] => C:\Users\R\AppData\Roaming\Tooth-compare\toothchallenge.exe [70656 2015-02-11] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Run: [zhlzhwhw] => C:\Users\R\AppData\Local\Temp\Bomsgd\wjgthwhw.exe [174080 2015-02-12] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [tooth-reflect] => C:\Users\R\AppData\Roaming\Tooth-compare\toothchallenge.exe [70656 2015-02-11] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [plenty-row] => C:\Users\R\AppData\Local\Temp\Plenty_involved\plenty-position.exe [207872 2015-02-12] () <===== ATTENTION
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [box-scratch] => C:\Users\R\AppData\Roaming\Box_impress\box_disagree.exe [69632 2015-02-10] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [grade-collect] => C:\Users\R\AppData\Roaming\Gradeshower\gradeexperience.exe [83968 2015-02-07] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [string-iron] => C:\Users\R\AppData\Local\String-regret\stringexplore.exe [70656 2015-02-12] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [lesson-guide] => C:\Users\R\AppData\Roaming\Lesson-row\lesson-approach.exe [83456 2015-02-08] ()
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\RunOnce: [body-lesson] => C:\Users\R\AppData\Roaming\Body-recover\body-pension.exe [70656 2015-02-11] ()
BootExecute: autocheck autochk * sdnclean64.exebddel.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1667074292-2624200287-3336342126-1000 -> {3384522D-3201-4969-9DEC-57B0BA01B6A6} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll (Dassault Systèmes SolidWorks Corp.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\cliqz@cliqz.com.xpi [2014-08-12]
FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-05]
FF Extension: Click to call with Skype - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-26]
FF HKU\S-1-5-21-1667074292-2624200287-3336342126-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\2t5bz360.default\extensions\cliqz@cliqz.com

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868896 2010-06-11] (Acer Incorporated)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-19] (SolidWorks) [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514144 2009-10-02] (ITETech                  )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2015-02-12] () [File not signed]
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-27] (Emsisoft GmbH)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2015-02-12] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S2 VmodeNT; C:\Windows\SysWow64\Drivers\VmodeNT.sys [2528 1998-01-21] (k&k)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S2 hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:00 - 2015-02-12 17:00 - 00000000 ___HD () C:\Users\R\AppData\Local\String-regret
2015-02-12 16:44 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 16:44 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 16:44 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 16:44 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:10 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 22:10 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 22:10 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 22:10 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 22:10 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 22:10 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 22:10 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 22:10 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 22:10 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 22:10 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 22:10 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 22:10 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 22:10 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 22:10 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 22:10 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 22:10 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 22:10 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 22:10 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 22:10 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 22:10 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 22:10 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 22:10 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 22:10 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 22:10 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 22:10 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 22:10 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 22:10 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 22:10 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 22:10 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 22:10 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 22:10 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 22:10 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 22:10 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 22:10 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 22:10 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 22:10 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 22:10 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 22:10 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 22:10 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 22:10 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 22:10 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 22:10 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 22:10 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 22:10 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 22:10 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 22:10 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 22:10 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 22:10 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 22:10 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 22:10 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 22:10 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 22:10 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 21:28 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 21:28 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 21:28 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 21:28 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 21:28 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 21:28 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 21:28 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 21:28 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 21:22 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 21:22 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 21:22 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 21:22 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 21:22 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 21:22 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 21:22 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 21:22 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 21:14 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 21:14 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 21:10 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 21:10 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 21:10 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 21:10 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 21:10 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 21:10 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 21:10 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 21:10 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 21:10 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 21:10 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 21:10 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 21:10 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 21:10 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 21:10 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 21:10 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 21:10 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 21:10 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 21:10 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 21:00 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 21:00 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 21:00 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 21:00 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 21:00 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 21:00 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 20:56 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:56 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 20:52 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 20:52 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 20:52 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 20:46 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:46 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 20:32 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 20:32 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 20:32 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 20:32 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 20:32 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 20:32 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 20:32 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 20:30 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 20:00 - 2015-02-11 20:00 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Body-recover
2015-02-11 19:31 - 2015-02-11 19:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-11 19:30 - 2015-02-11 19:30 - 02347384 _____ (ESET) C:\Users\R\Desktop\esetsmartinstaller_deu.exe
2015-02-11 19:30 - 2015-02-11 19:30 - 00852594 _____ () C:\Users\R\Desktop\SecurityCheck.exe
2015-02-11 19:30 - 2015-02-11 19:30 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Tooth-compare
2015-02-10 19:26 - 2015-02-10 19:31 - 00000000 ____D () C:\AdwCleaner
2015-02-10 19:12 - 2015-02-10 19:12 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Box_impress
2015-02-10 18:56 - 2015-02-10 18:56 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-10 18:53 - 2015-02-10 18:54 - 02112512 _____ () C:\Users\R\Desktop\AdwCleaner_4.110.exe
2015-02-10 18:53 - 2015-02-10 18:53 - 01388274 _____ (Thisisu) C:\Users\R\Desktop\JRT.exe
2015-02-10 18:52 - 2015-02-10 18:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\R\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-08 19:30 - 2015-02-08 19:30 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Lesson-row
2015-02-08 19:15 - 2015-02-08 19:15 - 00020346 _____ () C:\ComboFix.txt
2015-02-08 18:50 - 2015-02-08 19:15 - 00000000 ____D () C:\Qoobox
2015-02-08 18:50 - 2015-02-08 19:13 - 00000000 ____D () C:\Windows\erdnt
2015-02-08 18:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-08 18:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-08 18:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-08 18:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-08 18:45 - 2015-02-08 18:46 - 05609947 ____R (Swearware) C:\Users\R\Desktop\ComboFix.exe
2015-02-07 18:40 - 2015-02-07 18:40 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-07 18:39 - 2015-02-07 18:39 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Gradeshower
2015-02-07 17:40 - 2015-02-07 17:40 - 00000000 ____D () C:\Users\R\Desktop\log
2015-02-07 14:40 - 2015-02-07 18:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Syfdhbfin
2015-02-06 19:46 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150206-194620.backup
2015-02-06 19:08 - 2015-02-11 23:30 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Gradebone
2015-02-06 19:02 - 2015-02-07 18:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-06 18:59 - 2015-02-07 15:43 - 00000000 ____D () C:\Users\R\Desktop\mbar
2015-02-06 18:56 - 2015-02-06 18:58 - 16466552 _____ (Malwarebytes Corp.) C:\Users\R\Desktop\mbar-1.08.3.1004.exe
2015-02-06 18:56 - 2015-02-06 18:57 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\R\Desktop\tdsskiller.exe
2015-02-03 13:12 - 2015-02-07 18:41 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Toothfinance
2015-02-02 02:25 - 2015-02-07 18:41 - 00000000 ___HD () C:\Users\R\AppData\Local\Boxlack
2015-02-01 20:12 - 2015-02-03 13:33 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Azqo
2015-02-01 19:40 - 2015-02-12 03:38 - 00000008 _____ () C:\Windows\K
2015-01-31 08:06 - 2015-01-31 08:06 - 00274776 _____ () C:\Windows\Minidump\013115-21886-01.dmp
2015-01-31 07:40 - 2015-02-14 07:25 - 00000000 ____D () C:\FRST
2015-01-31 07:35 - 2015-01-31 07:35 - 00000000 _____ () C:\Users\R\defogger_reenable
2015-01-31 07:31 - 2015-02-14 07:25 - 00000000 ____D () C:\Users\R\Desktop\Trojaner
2015-01-29 23:48 - 2015-02-01 20:12 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Ykcwbkgryi
2015-01-29 05:39 - 2015-01-29 23:48 - 00000000 ___HD () C:\Users\R\AppData\Local\Ipvqn
2015-01-27 08:18 - 2015-01-27 08:18 - 00000017 _____ () C:\Windows\㨀尀ؚ
2015-01-27 08:17 - 2015-01-27 08:17 - 00000030 _____ () C:\Windows\㨀尀̞
2015-01-26 20:56 - 2015-01-29 22:50 - 00000234 _____ () C:\Windows\[]
2015-01-26 20:50 - 2015-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 20:29 - 2015-01-26 20:31 - 00000011 _____ () C:\Windows\㨀尀Í
2015-01-26 08:19 - 2015-01-27 08:17 - 00000035 _____ () C:\Windows\䉯䍊整䥅卋牖橒灦桴
2015-01-26 08:19 - 2015-01-27 08:17 - 00000031 _____ () C:\Windows\噓割晪瑰h氀牁桎
2015-01-26 08:19 - 2015-01-27 08:17 - 00000022 _____ () C:\Windows\䤀卋牖橒灦桴
2015-01-26 08:13 - 2015-01-26 08:13 - 00000017 _____ () C:\Windows\㨀尀ĕ
2015-01-25 19:18 - 2015-01-25 19:18 - 00000013 _____ () C:\Windows\㨀尀ت
2015-01-25 07:40 - 2015-01-25 07:40 - 00000017 _____ () C:\Windows\㨀尀ǹ
2015-01-25 07:39 - 2015-01-25 07:39 - 00000030 _____ () C:\Windows\㨀尀ԓ
2015-01-24 19:53 - 2015-01-24 19:53 - 00000011 _____ () C:\Windows\㨀尀Ó
2015-01-24 19:51 - 2015-01-24 19:52 - 00000011 _____ () C:\Windows\㨀尀Î
2015-01-24 14:05 - 2015-01-26 08:19 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Yjiaex
2015-01-24 13:56 - 2015-01-29 22:01 - 00000010 _____ () C:\Windows\礀䕳
2015-01-24 13:35 - 2015-01-24 13:35 - 00000013 _____ () C:\Windows\ÿÿ
2015-01-24 13:31 - 2015-01-24 13:31 - 00000015 _____ () C:\Windows\㨀尀IJ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀ͪ
2015-01-24 13:30 - 2015-01-24 13:30 - 00000017 _____ () C:\Windows\㨀尀̮
2015-01-23 20:38 - 2015-01-23 20:38 - 00000015 _____ () C:\Windows\㨀尀Դ
2015-01-23 20:37 - 2015-01-26 08:12 - 00000082 _____ () C:\Windows\㨀尀̠
2015-01-23 19:35 - 2015-01-23 19:35 - 00000017 _____ () C:\Windows\㨀尀մ
2015-01-23 19:34 - 2015-01-23 19:34 - 00000017 _____ () C:\Windows\㨀尀֫
2015-01-23 19:33 - 2015-01-23 19:33 - 00000017 _____ () C:\Windows\㨀尀֢
2015-01-23 13:16 - 2015-01-28 15:53 - 00000000 ___HD () C:\Users\R\AppData\Local\Stringdig
2015-01-23 13:15 - 2015-01-23 13:16 - 00000030 _____ () C:\Windows\㨀尀˳
2015-01-21 21:42 - 2015-01-23 19:38 - 00000000 ____D () C:\Users\R\Desktop\Fotobuch 2
2015-01-17 19:29 - 2015-01-23 14:07 - 00000000 ___HD () C:\Users\R\AppData\Roaming\Kvcnmxphf
2015-01-15 08:51 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 08:51 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 08:51 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 08:51 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 08:51 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 07:24 - 2012-09-28 15:01 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-14 07:23 - 2014-10-25 10:09 - 00008021 _____ () C:\Windows\setupact.log
2015-02-14 07:23 - 2011-08-08 16:22 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-14 07:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 04:19 - 2010-10-18 13:42 - 01354681 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 04:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 03:37 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 03:37 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 03:05 - 2012-05-18 16:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-13 03:04 - 2013-07-03 09:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-12 17:08 - 2014-10-25 12:52 - 00124890 _____ () C:\Windows\PFRO.log
2015-02-12 15:18 - 2015-01-11 07:55 - 00000000 ____D () C:\ProgramData\vowc
2015-02-12 15:04 - 2014-12-26 18:16 - 00000000 ____D () C:\ProgramData\VTech
2015-02-12 04:55 - 2011-12-08 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
2015-02-12 04:55 - 2011-12-08 16:22 - 00303616 _____ () C:\Windows\system32\Drivers\atksgt.sys
2015-02-12 04:55 - 2011-12-08 16:22 - 00035328 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2015-02-12 04:54 - 2010-09-08 04:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-12 04:52 - 2013-08-25 16:27 - 00000000 ____D () C:\ProgramData\Freemake
2015-02-12 04:52 - 2013-08-25 16:27 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-02-12 03:36 - 2009-07-14 05:45 - 00462680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:33 - 2014-12-12 19:13 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 03:33 - 2014-05-08 19:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:10 - 2014-11-12 19:45 - 00001456 _____ () C:\Windows\win.ini
2015-02-12 03:06 - 2013-08-15 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:03 - 2011-08-12 21:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 22:26 - 2011-09-10 08:27 - 00000000 ____D () C:\Users\R\AppData\Local\CrashDumps
2015-02-11 19:31 - 2010-10-18 23:32 - 00703358 _____ () C:\Windows\system32\perfh007.dat
2015-02-11 19:31 - 2010-10-18 23:32 - 00150910 _____ () C:\Windows\system32\perfc007.dat
2015-02-11 19:31 - 2009-07-14 06:13 - 01629644 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-10 19:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-10 18:57 - 2014-10-25 12:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-10 18:56 - 2014-10-25 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-10 18:56 - 2014-10-25 12:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-08 19:15 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-08 19:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 18:52 - 2014-08-09 10:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-03 15:13 - 2013-03-07 15:25 - 00000000 ____D () C:\ProgramData\tmp
2015-02-03 15:12 - 2012-12-15 16:58 - 00000000 ____D () C:\Users\R\Desktop\Christin
2015-01-31 08:06 - 2011-12-05 16:54 - 484860284 _____ () C:\Windows\MEMORY.DMP
2015-01-31 08:06 - 2011-12-05 16:54 - 00000000 ____D () C:\Windows\Minidump
2015-01-31 07:54 - 2014-08-09 10:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-31 07:35 - 2011-04-22 08:33 - 00000000 ____D () C:\Users\R
2015-01-30 14:51 - 2014-12-13 21:46 - 00000000 ____D () C:\Users\R\Desktop\Nähen Christin
2015-01-28 15:53 - 2014-11-10 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\schemas
2015-01-24 13:30 - 2013-08-27 14:23 - 00344064 ___SH () C:\Users\R\Desktop\Thumbs.db
2015-01-18 03:10 - 2015-01-07 20:47 - 00000000 ___HD () C:\Users\R\AppData\Local\Body-cover
2015-01-18 03:10 - 2014-10-05 19:31 - 00119898 _____ () C:\Windows\SysWOW64\bddel.dat
2015-01-17 19:26 - 2014-10-30 14:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-17 19:26 - 2012-09-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-17 19:25 - 2014-10-30 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== Files in the root of some directories =======

2014-01-14 19:26 - 2014-01-14 19:26 - 0000108 _____ () C:\Users\R\AppData\Roaming\WB.CFG
2014-01-14 19:26 - 2014-01-14 19:26 - 0000005 _____ () C:\Users\R\AppData\Roaming\WBPU-TTL.DAT
2011-08-03 09:32 - 2011-08-03 09:32 - 0007602 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2011-12-04 21:25 - 2011-12-12 07:10 - 0000040 ___SH () C:\ProgramData\.zreglib

Files to move or delete:
====================
C:\Users\R\AppData\Local\Temp\Plenty_involved\plenty-position.exe
C:\Users\R\AppData\Local\Temp\Bomsgd\wjgthwhw.exe


Some content of TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
C:\Users\R\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 00:49

==================== End Of Log ============================
         
--- --- ---
