Log analysis and evaluation: Access to online banking blocked due to "NYMAIN" infection
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.02.2015, 19:02 | #1 |
Access to online banking blocked due to "NYMAIN" infection

Hello everyone,

A few days ago, while I was away, my wife opened one of those "payment reminder e-mails", after which something infected the computer. At that point I had Avira Antivir installed, which, however, only found something during a scan. Unfortunately, the detection caused Avira to be blocked and it stopped working. So I uninstalled Avira and installed Microsoft Security Essentials. I started a scan and it found several things. Unfortunately, I cannot find the log files. After that I ran Malwarebytes Anti-Malware.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.01.2015
Suchlauf-Zeit: 15:18:06
Logdatei: mwb-log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.28.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Arty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336013
Verstrichene Zeit: 11 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\last_name, In Quarantäne, [675f877529608caacd03a36e986a6d93],
Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\file_type, In Quarantäne, [6d59b74511785fd71c7844bc7290659b],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\product_group, In Quarantäne, [933300fc20690333f6da848dab57b050],

Registrierungswerte: 1
Trojan.Agent.STPD, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cash_flow, C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\standard_account\slide.exe, In Quarantäne, [3f8742ba8207fd39a29356bd30d26d93]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
Trojan.Agent.STPD, C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\standard_account\slide.exe, In Quarantäne, [3f8742ba8207fd39a29356bd30d26d93],
Trojan.Agent.ED, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\AUTHORITY_KEY_IDENTIFIER.EXE, In Quarantäne, [675f877529608caacd03a36e986a6d93],
Trojan.Downloader, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\account.exe, In Quarantäne, [6d59b74511785fd71c7844bc7290659b],
Trojan.Agent.ED, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\GLYPH_RUN.EXE, In Quarantäne, [933300fc20690333f6da848dab57b050],
Trojan.Downloader, C:\Users\Arty\AppData\Local\Temp\{0000062D-3234-BE}, In Quarantäne, [9d2922da96f355e13460b848857db848],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

So I am hoping for help here.

FRST log

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Arty (administrator) on ARTY-PC on 05-02-2015 17:27:28 Running from C:\Users\Arty\Desktop\Downloads Loaded Profiles: Arty (Available profiles: Arty) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe () C:\Program Files (x86)\Razer\Copperhead\razertra.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor) HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] () HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-768761217-1181827061-3865430075-1000\...\Run: [authenticator] => C:\ProgramData\Battle.net\Agent\Agent.3634\Logs\proxy\social.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-25] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968 FF SelectedSearchEngine: Search FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml Chrome: ======= CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08] CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08] CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08] CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08] CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08] CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08] CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08] CHR Extension: (Google Tabellen) - 
C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08] CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08] CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08] CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08] CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpD586.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable 2015-02-05 04:09 - 2015-02-05 17:27 - 00000000 ____D () C:\FRST 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner 2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk 2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy 2015-02-02 09:28 - 2015-02-02 09:28 - 00005615 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-28 15:46 - 2015-02-03 10:48 - 00000000 ____D () C:\AdwCleaner 2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe 2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM 2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame 
For Audacity 2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM 2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall 2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp 2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} 2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve 2015-01-08 19:45 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade 2015-01-08 17:49 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-08 14:11 - 2015-01-09 03:35 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 ____D () C:\ProgramData\Battle.net 2015-01-08 13:40 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt 2015-01-08 09:30 - 2015-01-13 12:15 - 00000000 ____D () C:\ProgramData\mvyatvj 2015-01-08 09:13 - 2015-01-29 20:14 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith 2015-01-07 17:21 - 2015-01-07 17:21 - 00000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga 2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiffex 2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\VSTplugins 2015-01-07 17:16 - 2015-01-07 17:16 - 
00000000 ____D () C:\Program Files\Audiffex 2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\IO ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty 2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui 2015-02-05 17:22 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-05 17:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-05 17:10 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-05 17:10 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 17:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-05 15:38 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr 2015-02-05 15:30 - 2014-10-23 19:47 - 01051625 _____ () C:\Windows\WindowsUpdate.log 2015-02-05 14:12 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker 2015-02-05 03:40 - 2014-10-23 21:00 - 00048299 _____ () C:\Windows\SysWOW64\Gms.log 2015-02-05 03:38 - 2009-07-14 05:51 - 00113342 _____ () C:\Windows\setupact.log 2015-02-05 03:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-04 22:23 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net 
2015-02-04 01:10 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin 2015-02-04 01:02 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype 2015-02-03 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-02-03 10:48 - 2014-10-23 20:54 - 00337238 _____ () C:\Windows\PFRO.log 2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log 2015-02-02 09:31 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity 2015-02-02 09:28 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0 2015-02-02 09:28 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8 2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr 2015-01-31 07:08 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-25 01:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 01:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 01:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe 2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () 
C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk 2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker 2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5 2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft 2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini 2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini 2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga 2015-02-02 09:28 - 2015-02-02 09:28 - 0005615 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg 2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Arty\AppData\Local\Temp\AutoWifi.exe 
C:\Users\Arty\AppData\Local\Temp\avgnt.exe C:\Users\Arty\AppData\Local\Temp\devcon64.exe C:\Users\Arty\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Arty\AppData\Local\Temp\Quarantine.exe C:\Users\Arty\AppData\Local\Temp\SHSetup.exe C:\Users\Arty\AppData\Local\Temp\sonarinst.exe C:\Users\Arty\AppData\Local\Temp\sqlite3.dll C:\Users\Arty\AppData\Local\Temp\sqlite3.exe C:\Users\Arty\AppData\Local\Temp\tmp9DA5.exe C:\Users\Arty\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION! nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION! LastRegBack: 2015-02-03 08:41 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01 Ran by Arty at 2015-02-05 04:11:38 Running from C:\Users\Arty\Desktop\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Among the Sleep (HKLM-x32\...\Steam App 250620) (Version: - Krillbite Studio) ampLion Free 64b 1.1.0 (HKLM\...\{C2953B54-6E35-4ed6-C589-48E7BBDA6575}_is1) (Version: - Audiffex) AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - ) Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.) Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team) AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.) 
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment) Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.) F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - ) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle) Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version: - Traveller's Tales) Logitech Gaming Software 8.56 (HKLM\...\Logitech 
Gaming Software) (Version: 8.56.109 - Logitech Inc.) MagicYUV Lossless Video Codec version 1.0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.0 - INNOMAGIC, Ltd.) MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{1B46FA48-1BEA-4398-BF8A-0F606A9EA782}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{B50BBED4-5101-45A1-BA9D-93AEF3A638E3}) (Version: 14.0.0.159 - MAGIX Software GmbH) MAGIX Video deluxe 2015 Plus (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 
(x86 de)) (Version: 31.4.0 - Mozilla) MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors) Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts) Raptr (HKLM-x32\...\Raptr) (Version: - ) Razer Copperhead (HKLM-x32\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: 6.10 - Razer USA Ltd.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.) Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version: - CAPCOM Co., Ltd.) 
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco) Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios) SagaraS Scriptmaker v5.6 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - ) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd) Trove (HKLM-x32\...\Glyph Trove) (Version: - Trion Worlds, Inc.) VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI) Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-768761217-1181827061-3865430075-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-768761217-1181827061-3865430075-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Restore Points ========================= 28-01-2015 15:43:41 Windows Update 01-02-2015 06:45:54 Windows Update 02-02-2015 10:23:38 DirectX wurde installiert 03-02-2015 12:36:43 Avira EU-Cleaner - 03.02.2015 12:36 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2144AF35-9A61-4236-868A-164DDB87472E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {2840841F-6082-40BA-B7AE-C003CAFF599D} - System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {32D56694-C619-4102-9B72-B207A3FEA265} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7BB71679-3B53-4C39-ABEA-E42E567F6B67} - System32\Tasks\PCMeter\Startup => C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe [2014-10-23] (AddGadgets)
Task: {8878DC36-76C2-4F46-895F-9D4EA962A921} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {91E6A5E0-9426-436D-B859-221D8F5CA69F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {DA5AAAB9-BCFE-4F15-AFDD-DC68FA604A12} - System32\Tasks\{5E1338CB-AEDD-435A-87E5-1E5F3BD60E48} => pcalua.exe -a C:\Users\Arty\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2014-02-21 08:47 - 2014-02-21 08:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2014-02-21 08:47 - 2014-02-21 08:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll 2014-11-10 17:50 - 2014-11-10 17:50 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2014-09-16 22:02 - 2014-09-16 22:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-09-16 22:02 - 2014-09-16 22:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-09-16 22:02 - 2014-09-16 22:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-09-16 22:02 - 2014-09-16 22:02 - 00242456 _____ () C:\Program Files\Logitech Gaming 
Software\imageformats\qjpeg.dll 2014-10-23 21:21 - 2014-10-23 21:21 - 00012520 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll 2014-10-23 21:21 - 2014-10-23 21:21 - 00015080 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll 2014-10-23 21:21 - 2014-10-23 21:21 - 00014056 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll 2014-10-27 09:22 - 2009-11-19 18:43 - 00135168 _____ () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe 2014-10-27 09:22 - 2009-11-16 13:25 - 00131072 _____ () C:\Program Files (x86)\Razer\Copperhead\razertra.exe 2014-08-28 08:19 - 2014-08-28 08:19 - 00034816 _____ () C:\Users\Arty\Desktop\Megui\tools\x264_10b\avs4x264mod.exe 2014-10-27 09:22 - 2005-08-17 13:23 - 00151552 _____ () C:\Program Files (x86)\Razer\Copperhead\download.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 
00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd 2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 00:06 - 
2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2014-02-19 17:51 - 2014-02-19 17:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-01-31 07:08 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll 2015-01-31 07:08 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll 2015-01-31 07:08 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll 2014-10-23 21:32 - 2013-04-14 11:00 - 00554496 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\splitter.ax 2014-10-23 21:32 - 2013-04-14 10:58 - 00080384 _____ 
() C:\Program Files (x86)\Haali\MatroskaSplitter\mkzlib.dll 2014-10-23 21:32 - 2013-04-14 10:58 - 00024576 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\mkunicode.dll 2013-01-06 14:47 - 2014-10-23 21:53 - 00082944 _____ () C:\Users\Arty\Desktop\Megui\MediaInfoWrapper.dll 2009-01-02 20:34 - 2014-10-23 21:53 - 00058368 _____ () C:\Users\Arty\Desktop\Megui\AvisynthWrapper.DLL 2014-10-23 22:03 - 2013-10-10 23:41 - 00233472 _____ () C:\Program Files (x86)\SagaraS Scriptmaker\Plugins\SplineResize.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Control Panel\Desktop\\Wallpaper -> ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: breakfast-phase => C:\Users\Arty\AppData\Local\Temp\Breakfast-job\breakfast-permit.exe
MSCONFIG\startupreg: zujlwuwh => C:\Users\Arty\AppData\Roaming\Xfithpyp\jbkwdqowuwh.exe

==================== Accounts: =============================

Administrator (S-1-5-21-768761217-1181827061-3865430075-500 - Administrator - Disabled)
Arty (S-1-5-21-768761217-1181827061-3865430075-1000 - Administrator - Enabled) => C:\Users\Arty
Gast (S-1-5-21-768761217-1181827061-3865430075-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 03:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000043a0218
ID des fehlerhaften Prozesses: 0x784
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/26/2015 10:14:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 40.0.2214.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a64 Startzeit: 01d039484f6853d2 Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: a9ed4658-a53b-11e4-bc65-448a5b9df6ae Error: (01/24/2015 10:13:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.91, Zeitstempel: 0x54bf0a96 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000212b3 ID des fehlerhaften Prozesses: 0x10b4 Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (01/22/2015 10:27:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.3.636, Zeitstempel: 0x54878687 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften Prozesses: 0x2970 Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0 Pfad der fehlerhaften Anwendung: Origin.exe1 Pfad des fehlerhaften Moduls: Origin.exe2 Berichtskennung: Origin.exe3 Error: (01/22/2015 10:26:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.3.636, Zeitstempel: 0x54878687 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften Prozesses: 0x2ba8 Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0 Pfad der fehlerhaften Anwendung: Origin.exe1 Pfad des fehlerhaften Moduls: Origin.exe2 Berichtskennung: Origin.exe3 Error: (01/22/2015 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.3.636, Zeitstempel: 0x54878687 Name des 
fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008af3e ID des fehlerhaften Prozesses: 0x2b10 Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0 Pfad der fehlerhaften Anwendung: Origin.exe1 Pfad des fehlerhaften Moduls: Origin.exe2 Berichtskennung: Origin.exe3 Error: (01/22/2015 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.99, Zeitstempel: 0x54aef409 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000212b3 ID des fehlerhaften Prozesses: 0x1f0c Startzeit der fehlerhaften Anwendung: 0xchrome.exe0 Pfad der fehlerhaften Anwendung: chrome.exe1 Pfad des fehlerhaften Moduls: chrome.exe2 Berichtskennung: chrome.exe3 Error: (01/21/2015 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 39.0.2171.99 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b7c Startzeit: 01d035a24b9c38a9 Endzeit: 2 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: d7379cb4-a195-11e4-9eb4-448a5b9df6ae Error: (01/18/2015 06:33:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000004120218 ID des fehlerhaften Prozesses: 0x76c Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (01/17/2015 09:36:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm thunderbird.exe, Version 31.4.0.5487 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 27d8 Startzeit: 01d03294e99b05ae Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichts-ID: 714f5ce8-9e88-11e4-930f-448a5b9df6ae System errors: ============= Error: (02/05/2015 03:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/04/2015 10:25:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (02/04/2015 06:32:34 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (02/04/2015 06:32:34 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. 
Error: (02/04/2015 06:32:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/04/2015 01:10:46 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (02/03/2015 10:51:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/03/2015 06:03:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (02/03/2015 01:04:36 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (02/02/2015 06:37:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (01/28/2015 03:29:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c000000500000000043a021878401d03aa20aef1eabC:\Windows\Explorer.EXEunknown6ebc53a5-a695-11e4-ac3d-448a5b9df6ae Error: (01/26/2015 10:14:59 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe40.0.2214.91a6401d039484f6853d23C:\Program Files (x86)\Google\Chrome\Application\chrome.exea9ed4658-a53b-11e4-bc65-448a5b9df6ae Error: (01/24/2015 10:13:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe40.0.2214.9154bf0a96KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b310b401d037b60ab329e6C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll48a020ff-a3a9-11e4-95ec-448a5b9df6ae Error: (01/22/2015 10:27:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e297001d0368a35318474C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll7458b698-a27d-11e4-8678-448a5b9df6ae Error: (01/22/2015 10:26:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e2ba801d0368a1d7741a3C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll5cac088a-a27d-11e4-8678-448a5b9df6ae Error: (01/22/2015 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e2b1001d03689fe1b7417C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll48c30048-a27d-11e4-8678-448a5b9df6ae Error: (01/22/2015 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe39.0.2171.9954aef409KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b31f0c01d03644efb2c80dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll2e19185e-a238-11e4-8678-448a5b9df6ae Error: (01/21/2015 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe39.0.2171.99b7c01d035a24b9c38a92C:\Program Files (x86)\Google\Chrome\Application\chrome.exed7379cb4-a195-11e4-9eb4-448a5b9df6ae Error: (01/18/2015 06:33:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c0000005000000000412021876c01d032e025aeed43C:\Windows\Explorer.EXEunknown7bba6ed2-9ed3-11e4-973f-448a5b9df6ae Error: (01/17/2015 09:36:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: thunderbird.exe31.4.0.548727d801d03294e99b05ae13C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe714f5ce8-9e88-11e4-930f-448a5b9df6ae CodeIntegrity Errors: =================================== Date: 2014-11-02 06:33:16.876 Description: Windows konnte 
die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 06:33:16.829 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-01 06:11:09.949 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-01 06:11:09.887 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-10-31 20:08:58.837 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 20:08:58.774 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 09:38:38.600 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-10-31 09:38:38.560 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz Percentage of memory in use: 48% Total physical RAM: 8125.21 MB Available physical RAM: 4224.78 MB Total Pagefile: 16248.61 MB Available Pagefile: 11675.46 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:372.51 GB) (Free:197.9 GB) NTFS Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: () (Fixed) (Total:465.75 GB) (Free:192.27 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (Volume) (Fixed) (Total:1863.01 GB) (Free:1630.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: E025EFE9) Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=372.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DE4CDE4C) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00916640) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-05 17:47:20 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725040VLAT80 rev.V5COA42A 372,61GB Running: Gmer-19357.exe; Driver: C:\Users\Arty\AppData\Local\Temp\kxldrpob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674 fffff800033b1092 4 bytes [00, 00, 00, 00] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 681 fffff800033b1099 9 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76] .text C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76] .text ... * 2 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageW 000000007584787b 5 bytes JMP 0000000170a3a040 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageA 0000000075847bbb 5 bytes JMP 0000000170a3a010 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075848a29 5 bytes JMP 0000000170a3aa20 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000075848e4e 5 bytes JMP 0000000170a3a1a0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DestroyWindow 0000000075849a55 5 bytes JMP 0000000170a3a170 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007584d22e 5 bytes JMP 0000000170a3a8e0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000758505ba 5 bytes JMP 0000000170a3a360 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] 
C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075850dfb 5 bytes JMP 0000000170a3a070 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075851341 5 bytes JMP 0000000170a3a440 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075851361 5 bytes JMP 0000000170a3a3e0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect 00000000758528da 5 bytes JMP 0000000170a3a860 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetCursor 00000000758541f6 5 bytes JMP 0000000170a39920 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075855f74 5 bytes JMP 0000000170a3a300 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000075857b3b 5 bytes JMP 0000000170a3a3c0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!AnimateWindow 000000007585b531 5 bytes JMP 0000000170a3a210 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow 000000007585ba4a 5 bytes JMP 0000000170a3a790 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!WindowFromPoint 000000007586ed12 5 bytes JMP 0000000170a39940 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetCapture 000000007586ed56 5 bytes JMP 0000000170a3a2e0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 000000007586f170 5 bytes JMP 0000000170a3a2a0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000077055ea6 5 bytes JMP 0000000170a39970 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!StretchBlt 000000007705b895 5 bytes JMP 0000000170a39be0 .text C:\Program Files (x86)\Raptr\raptr.exe[4088] 
C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076181465 2 bytes [18, 76] .text C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000761814bb 2 bytes [18, 76] .text ... * 2 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DAC401B-95C5-479F-86CA-62DED1CF75DF}\offreg.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1008](2015-02-05 16:20:03) 000007feebd90000 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs AppData\Local;AppData\LocalLow;$Recycle.Bin Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber 7601 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon 0 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec 1 ---- EOF - GMER 2.1 ---- Thanks in advance |
05.02.2015, 19:27 | #2 |
/// the machine /// TB-Ausbilder | Access to online banking blocked due to "NYMAIN" infection
Hi,
Please download TDSSKiller.exe and save this file to the desktop. |
05.02.2015, 19:43 | #3 |
| Access to online banking blocked due to "NYMAIN" infection Hey,
thanks for the quick reply Code:
ATTFilter 19:39:28.0690 0x165c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 19:39:35.0610 0x165c ============================================================ 19:39:35.0610 0x165c Current date / time: 2015/02/05 19:39:35.0610 19:39:35.0610 0x165c SystemInfo: 19:39:35.0610 0x165c 19:39:35.0610 0x165c OS Version: 6.1.7601 ServicePack: 1.0 19:39:35.0610 0x165c Product type: Workstation 19:39:35.0610 0x165c ComputerName: ARTY-PC 19:39:35.0610 0x165c UserName: Arty 19:39:35.0610 0x165c Windows directory: C:\Windows 19:39:35.0610 0x165c System windows directory: C:\Windows 19:39:35.0610 0x165c Running under WOW64 19:39:35.0610 0x165c Processor architecture: Intel x64 19:39:35.0610 0x165c Number of processors: 8 19:39:35.0610 0x165c Page size: 0x1000 19:39:35.0610 0x165c Boot type: Normal boot 19:39:35.0610 0x165c ============================================================ 19:39:37.0339 0x165c KLMD registered as C:\Windows\system32\drivers\26528119.sys 19:39:37.0624 0x165c System UUID: {D7F159AB-3360-B335-5E46-29ECA33905BD} 19:39:38.0053 0x165c Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xC9E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 19:39:38.0070 0x165c Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:39:38.0702 0x165c Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:39:38.0705 0x165c ============================================================ 19:39:38.0705 0x165c \Device\Harddisk0\DR0: 19:39:38.0705 0x165c MBR partitions: 19:39:38.0705 0x165c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:39:38.0705 0x165c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, 
BlocksNum 0x2E905800 19:39:38.0706 0x165c \Device\Harddisk1\DR1: 19:39:38.0706 0x165c MBR partitions: 19:39:38.0706 0x165c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41 19:39:38.0706 0x165c \Device\Harddisk2\DR2: 19:39:38.0706 0x165c MBR partitions: 19:39:38.0706 0x165c \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 19:39:38.0706 0x165c ============================================================ 19:39:38.0737 0x165c C: <-> \Device\Harddisk0\DR0\Partition2 19:39:38.0759 0x165c D: <-> \Device\Harddisk0\DR0\Partition1 19:39:38.0781 0x165c F: <-> \Device\Harddisk1\DR1\Partition1 19:39:38.0789 0x165c G: <-> \Device\Harddisk2\DR2\Partition1 19:39:38.0789 0x165c ============================================================ 19:39:38.0789 0x165c Initialize success 19:39:38.0789 0x165c ============================================================ 19:40:38.0496 0x15b8 ============================================================ 19:40:38.0496 0x15b8 Scan started 19:40:38.0496 0x15b8 Mode: Manual; SigCheck; TDLFS; 19:40:38.0496 0x15b8 ============================================================ 19:40:38.0496 0x15b8 KSN ping started 19:40:41.0169 0x15b8 KSN ping finished: true 19:40:42.0114 0x15b8 ================ Scan system memory ======================== 19:40:42.0114 0x15b8 System memory - ok 19:40:42.0115 0x15b8 ================ Scan services =============================
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:40:48.0621 0x15b8 iirsp - ok 19:40:48.0652 0x15b8 [ FF604BCE2537A4734DA0CE19AD9B7B7A, E40E87961F46B374122ED2B06E79C575FCFA4D29F95763ADC7E88270D064AFE8 ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys 19:40:48.0658 0x15b8 ikbevent - ok 19:40:48.0713 0x15b8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 19:40:48.0733 0x15b8 IKEEXT - ok 19:40:48.0747 0x15b8 [ 298E67827BE3C4403C32EAB66987A334, BE7D95E2BB0D6D60B40966305D0354CA93F773FD2FA2727F1076DC8E162D5EB1 ] imsevent C:\Windows\system32\DRIVERS\imsevent.sys 19:40:48.0753 0x15b8 imsevent - ok 19:40:48.0779 0x15b8 [ 4709FA618952E381ED9BF40B524E8EAC, FA6B7EEA1F122BE8731C4B26F5BA21F5B73F19BBD85F938AFF66E8558C793682 ] INETMON C:\Windows\System32\Drivers\INETMON.sys 19:40:48.0784 0x15b8 INETMON - ok 19:40:48.0901 0x15b8 [ 70DD225646BF84233E18890583E57EFB, 657CFBEBE5C131873BB0B28F6C719772E19D51B48A795E459C388C8EC5EE655B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 19:40:48.0963 0x15b8 IntcAzAudAddService - ok 19:40:49.0065 0x15b8 [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 19:40:49.0082 0x15b8 Intel(R) Capability Licensing Service TCP IP Interface - ok 19:40:49.0094 0x15b8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 19:40:49.0099 0x15b8 intelide - ok 19:40:49.0132 0x15b8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:40:49.0139 0x15b8 intelppm - ok 19:40:49.0167 0x15b8 [ 098A91C54546A3B878DAD6A7E90A455B, 
044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:40:49.0188 0x15b8 IPBusEnum - ok 19:40:49.0221 0x15b8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:40:49.0242 0x15b8 IpFilterDriver - ok 19:40:49.0286 0x15b8 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:40:49.0312 0x15b8 iphlpsvc - ok 19:40:49.0330 0x15b8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:40:49.0337 0x15b8 IPMIDRV - ok 19:40:49.0368 0x15b8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:40:49.0387 0x15b8 IPNAT - ok 19:40:49.0401 0x15b8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:40:49.0409 0x15b8 IRENUM - ok 19:40:49.0427 0x15b8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:40:49.0432 0x15b8 isapnp - ok 19:40:49.0446 0x15b8 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:40:49.0455 0x15b8 iScsiPrt - ok 19:40:49.0487 0x15b8 [ 35C0995BCDB0E45D1EEBE4FB582D1563, 67B44EE25B8FF5778AC58255265536EC4CC444A5A8368D6311DEDAF58357E5ED ] ISCT C:\Windows\system32\DRIVERS\ISCTD.sys 19:40:49.0494 0x15b8 ISCT - ok 19:40:49.0533 0x15b8 [ B6064D8C7500E416BC0B7CB2A8474D3A, 824CD7539398119DEF147EEDDBF010EA9B6184B8FA4B17BDDC0D9948F0F66991 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 
19:40:49.0541 0x15b8 ISCTAgent - ok 19:40:49.0565 0x15b8 [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 19:40:49.0570 0x15b8 iusb3hcs - ok 19:40:49.0603 0x15b8 [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 19:40:49.0612 0x15b8 iusb3hub - ok 19:40:49.0646 0x15b8 [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 19:40:49.0662 0x15b8 iusb3xhc - ok 19:40:49.0696 0x15b8 [ BDC9C7931DB723CB1AF9F7075EA06645, EEBD5DC9C4656F14F8F0A0A5E84657B6B2BA35283E0E571119DA82F131D5C21B ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 19:40:49.0703 0x15b8 jhi_service - ok 19:40:49.0723 0x15b8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:40:49.0729 0x15b8 kbdclass - ok 19:40:49.0735 0x15b8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:40:49.0742 0x15b8 kbdhid - ok 19:40:49.0754 0x15b8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 19:40:49.0761 0x15b8 KeyIso - ok 19:40:49.0789 0x15b8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:40:49.0795 0x15b8 KSecDD - ok 19:40:49.0808 0x15b8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:40:49.0815 0x15b8 KSecPkg - ok 19:40:49.0838 0x15b8 [ 6869281E78CB31A43E969F06B57347C4, 
866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:40:49.0857 0x15b8 ksthunk - ok 19:40:49.0900 0x15b8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 19:40:49.0924 0x15b8 KtmRm - ok 19:40:49.0961 0x15b8 [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys 19:40:49.0971 0x15b8 LADF_CaptureOnly - ok 19:40:49.0985 0x15b8 [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys 19:40:49.0992 0x15b8 LADF_RenderOnly - ok 19:40:50.0025 0x15b8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:40:50.0048 0x15b8 LanmanServer - ok 19:40:50.0067 0x15b8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:40:50.0087 0x15b8 LanmanWorkstation - ok 19:40:50.0117 0x15b8 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 19:40:50.0121 0x15b8 LGBusEnum - ok 19:40:50.0149 0x15b8 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 19:40:50.0154 0x15b8 LGVirHid - ok 19:40:50.0182 0x15b8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:40:50.0201 0x15b8 lltdio - ok 19:40:50.0236 0x15b8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc 
C:\Windows\System32\lltdsvc.dll 19:40:50.0259 0x15b8 lltdsvc - ok 19:40:50.0270 0x15b8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:40:50.0289 0x15b8 lmhosts - ok 19:40:50.0344 0x15b8 [ A7D2A96187E5C5F4F7650900A15788AA, F131C3E8206A89A9244ECF2507F4FC1A8550E594A58F75338939A54C973078AF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 19:40:50.0354 0x15b8 LMS - ok 19:40:50.0369 0x15b8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:40:50.0376 0x15b8 LSI_FC - ok 19:40:50.0385 0x15b8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:40:50.0392 0x15b8 LSI_SAS - ok 19:40:50.0398 0x15b8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:40:50.0404 0x15b8 LSI_SAS2 - ok 19:40:50.0432 0x15b8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:40:50.0439 0x15b8 LSI_SCSI - ok 19:40:50.0454 0x15b8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 19:40:50.0475 0x15b8 luafv - ok 19:40:50.0494 0x15b8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:40:50.0502 0x15b8 Mcx2Svc - ok 19:40:50.0515 0x15b8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:40:50.0521 0x15b8 megasas - ok 19:40:50.0537 0x15b8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 
85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:40:50.0546 0x15b8 MegaSR - ok 19:40:50.0637 0x15b8 [ AFEA4FAABCE6F0C299E9231FF4F466BE, BCF0C50F02C4AC2784139935F3756F5C4D24FCAF07ACD9567B87991A9D1F16DB ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys 19:40:50.0644 0x15b8 MEIx64 - ok 19:40:50.0675 0x15b8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 19:40:50.0694 0x15b8 MMCSS - ok 19:40:50.0718 0x15b8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 19:40:50.0737 0x15b8 Modem - ok 19:40:50.0762 0x15b8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:40:50.0770 0x15b8 monitor - ok 19:40:50.0783 0x15b8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:40:50.0789 0x15b8 mouclass - ok 19:40:50.0795 0x15b8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:40:50.0802 0x15b8 mouhid - ok 19:40:50.0821 0x15b8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:40:50.0827 0x15b8 mountmgr - ok 19:40:50.0854 0x15b8 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:40:50.0861 0x15b8 MozillaMaintenance - ok 19:40:50.0886 0x15b8 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter 
C:\Windows\system32\DRIVERS\MpFilter.sys 19:40:50.0896 0x15b8 MpFilter - ok 19:40:50.0913 0x15b8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 19:40:50.0920 0x15b8 mpio - ok 19:40:50.0942 0x15b8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:40:50.0963 0x15b8 mpsdrv - ok 19:40:51.0012 0x15b8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:40:51.0045 0x15b8 MpsSvc - ok 19:40:51.0074 0x15b8 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:40:51.0085 0x15b8 MRxDAV - ok 19:40:51.0121 0x15b8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:40:51.0129 0x15b8 mrxsmb - ok 19:40:51.0157 0x15b8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:40:51.0169 0x15b8 mrxsmb10 - ok 19:40:51.0194 0x15b8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:40:51.0203 0x15b8 mrxsmb20 - ok 19:40:51.0227 0x15b8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 19:40:51.0233 0x15b8 msahci - ok 19:40:51.0244 0x15b8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:40:51.0251 0x15b8 msdsm - ok 19:40:51.0261 0x15b8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 
2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 19:40:51.0270 0x15b8 MSDTC - ok 19:40:51.0300 0x15b8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:40:51.0320 0x15b8 Msfs - ok 19:40:51.0329 0x15b8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:40:51.0348 0x15b8 mshidkmdf - ok 19:40:51.0349 0x15b8 MSICDSetup - ok 19:40:51.0356 0x15b8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:40:51.0361 0x15b8 msisadrv - ok 19:40:51.0398 0x15b8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:40:51.0419 0x15b8 MSiSCSI - ok 19:40:51.0421 0x15b8 msiserver - ok 19:40:51.0453 0x15b8 [ 6AFCD25B843D0C731B6987E39995AE72, FD0F2E15B0CEB1E558BD8A02D59B9002706A003049678281A446BC4398862B70 ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe 19:40:51.0460 0x15b8 MSI_SuperCharger - ok 19:40:51.0472 0x15b8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:40:51.0490 0x15b8 MSKSSRV - ok 19:40:51.0537 0x15b8 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 19:40:51.0543 0x15b8 MsMpSvc - ok 19:40:51.0570 0x15b8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:40:51.0589 0x15b8 MSPCLOCK - ok 19:40:51.0597 0x15b8 [ 4ED981241DB27C3383D72092B618A1D0, 
E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:40:51.0616 0x15b8 MSPQM - ok 19:40:51.0646 0x15b8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:40:51.0661 0x15b8 MsRPC - ok 19:40:51.0677 0x15b8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:40:51.0684 0x15b8 mssmbios - ok 19:40:51.0692 0x15b8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:40:51.0710 0x15b8 MSTEE - ok 19:40:51.0721 0x15b8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:40:51.0728 0x15b8 MTConfig - ok 19:40:51.0742 0x15b8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 19:40:51.0748 0x15b8 Mup - ok 19:40:51.0789 0x15b8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 19:40:51.0813 0x15b8 napagent - ok 19:40:51.0849 0x15b8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:40:51.0862 0x15b8 NativeWifiP - ok 19:40:51.0906 0x15b8 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys 19:40:51.0924 0x15b8 NDIS - ok 19:40:51.0937 0x15b8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:40:51.0956 0x15b8 NdisCap - ok 19:40:51.0964 0x15b8 [ 
30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:40:51.0985 0x15b8 NdisTapi - ok 19:40:52.0007 0x15b8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:40:52.0026 0x15b8 Ndisuio - ok 19:40:52.0062 0x15b8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:40:52.0082 0x15b8 NdisWan - ok 19:40:52.0101 0x15b8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:40:52.0120 0x15b8 NDProxy - ok 19:40:52.0149 0x15b8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:40:52.0166 0x15b8 NetBIOS - ok 19:40:52.0203 0x15b8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:40:52.0224 0x15b8 NetBT - ok 19:40:52.0238 0x15b8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 19:40:52.0244 0x15b8 Netlogon - ok 19:40:52.0279 0x15b8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 19:40:52.0303 0x15b8 Netman - ok 19:40:52.0329 0x15b8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:52.0337 0x15b8 NetMsmqActivator - ok 19:40:52.0342 0x15b8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:52.0349 0x15b8 NetPipeActivator - ok 19:40:52.0370 0x15b8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 19:40:52.0395 0x15b8 netprofm - ok 19:40:52.0400 0x15b8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:52.0407 0x15b8 NetTcpActivator - ok 19:40:52.0411 0x15b8 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:40:52.0418 0x15b8 NetTcpPortSharing - ok 19:40:52.0445 0x15b8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:40:52.0450 0x15b8 nfrd960 - ok 19:40:52.0473 0x15b8 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:40:52.0480 0x15b8 NisDrv - ok 19:40:52.0506 0x15b8 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 19:40:52.0517 0x15b8 NisSrv - ok 19:40:52.0545 0x15b8 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:40:52.0567 0x15b8 NlaSvc - ok 19:40:52.0578 0x15b8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:40:52.0597 0x15b8 Npfs - ok 19:40:52.0625 0x15b8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 19:40:52.0643 0x15b8 
nsi - ok 19:40:52.0652 0x15b8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:40:52.0671 0x15b8 nsiproxy - ok 19:40:52.0727 0x15b8 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:40:52.0772 0x15b8 Ntfs - ok 19:40:52.0810 0x15b8 [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3 C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys 19:40:52.0814 0x15b8 NTIOLib_1_0_3 - ok 19:40:52.0848 0x15b8 NTIOLib_1_0_C - ok 19:40:52.0867 0x15b8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 19:40:52.0885 0x15b8 Null - ok 19:40:52.0902 0x15b8 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:40:52.0909 0x15b8 nvraid - ok 19:40:52.0923 0x15b8 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:40:52.0930 0x15b8 nvstor - ok 19:40:52.0944 0x15b8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:40:52.0950 0x15b8 nv_agp - ok 19:40:52.0965 0x15b8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:40:52.0974 0x15b8 ohci1394 - ok 19:40:53.0093 0x15b8 [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe 19:40:53.0124 0x15b8 Origin Client Service - ok 19:40:53.0191 0x15b8 [ 
3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:40:53.0203 0x15b8 p2pimsvc - ok 19:40:53.0245 0x15b8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 19:40:53.0258 0x15b8 p2psvc - ok 19:40:53.0343 0x15b8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:40:53.0351 0x15b8 Parport - ok 19:40:53.0391 0x15b8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:40:53.0397 0x15b8 partmgr - ok 19:40:53.0416 0x15b8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 19:40:53.0428 0x15b8 PcaSvc - ok 19:40:53.0449 0x15b8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 19:40:53.0457 0x15b8 pci - ok 19:40:53.0465 0x15b8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 19:40:53.0470 0x15b8 pciide - ok 19:40:53.0495 0x15b8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:40:53.0503 0x15b8 pcmcia - ok 19:40:53.0520 0x15b8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 19:40:53.0526 0x15b8 pcw - ok 19:40:53.0550 0x15b8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:40:53.0578 0x15b8 PEAUTH - ok 19:40:53.0638 0x15b8 [ 
B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:40:53.0665 0x15b8 PeerDistSvc - ok
19:41:01.0342 0x15b8 ================ Scan global ===============================
19:41:01.0379 0x15b8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:41:01.0401 0x15b8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:41:01.0412 0x15b8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:41:01.0443 0x15b8 [
D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:41:01.0464 0x15b8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:41:01.0468 0x15b8 [ Global ] - ok
19:41:01.0468 0x15b8 ================ Scan MBR ==================================
19:41:01.0479 0x15b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:41:01.0600 0x15b8 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
19:41:01.0600 0x15b8 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:41:02.0869 0x1680 Object required for P2P: [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK
19:41:04.0280 0x15b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:41:04.0431 0x15b8 \Device\Harddisk1\DR1 - ok
19:41:05.0086 0x15b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:41:05.0168 0x15b8 \Device\Harddisk2\DR2 - ok
19:41:05.0168 0x15b8 ================ Scan VBR ==================================
19:41:05.0170 0x15b8 [ 632A3749F19F5B2BA85962E5567E19EB ] \Device\Harddisk0\DR0\Partition1
19:41:05.0171 0x15b8 \Device\Harddisk0\DR0\Partition1 - ok
19:41:05.0172 0x15b8 [ EFDD704EE2CD7B9694F0617C5443D0A5 ] \Device\Harddisk0\DR0\Partition2
19:41:05.0173 0x15b8 \Device\Harddisk0\DR0\Partition2 - ok
19:41:05.0174 0x15b8 [ A193457624ED7282A21297A34FCB2B87 ] \Device\Harddisk1\DR1\Partition1
19:41:05.0175 0x15b8 \Device\Harddisk1\DR1\Partition1 - ok
19:41:05.0176 0x15b8 [ 4EFA31740DC501FB6E91B21980F68E48 ] \Device\Harddisk2\DR2\Partition1
19:41:05.0241 0x15b8 \Device\Harddisk2\DR2\Partition1 - ok
19:41:05.0242 0x15b8 ================ Scan generic autorun ======================
19:41:05.0487 0x15b8 [ A433600D55D6C7E165954009FA0149E0, DCEE341BF3AC501E150D64C9BF7FA697939D03480DF7A14BA28ACCB17F638D1C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:41:05.0707 0x15b8 RTHDVCPL - ok
19:41:05.0911 0x15b8 [ 920D0E9C8DD3879B45A547C9081E425B, FD7C4443B8D085526221F93581F0CDFCB0A9D886EB7A0FF01054DD4EC9E4EEA5 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
19:41:06.0080 0x15b8 ISCT Tray - ok
19:41:06.0462 0x15b8 [ E96A89F58BE362CFE38EDD5D9613E72A, C1102FB2BDC93C963D8DB9D0D4107A547D5E2FFE32A2437E70D0A3D91D1CF526 ] C:\Program Files\Logitech Gaming Software\LCore.exe
19:41:06.0807 0x15b8 Launch LCore - ok
19:41:06.0885 0x15b8 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
19:41:06.0924 0x15b8 MSC - ok
19:41:06.0998 0x15b8 [ E4E7B29D050F5480071984FE6543C311, 9A4D8D1702AE74AB4FE4367EAF4AD6500F59D4F25B3CCACE3EF07613B7B5853C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
19:41:07.0010 0x15b8 USB3MON - ok
19:41:07.0097 0x15b8 [ B0FCC4B7BB21FA6112532D424EE1B1AD, 294EAD47F50C69A61D97AFB1A07BBC37D3FCA5F6DAABD05FF7372B282C2CD4EB ] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
19:41:07.0122 0x15b8 Super Charger - ok
19:41:07.0155 0x15b8 [ 12916E0642E92561C98B18A2A2D01B14, 4C28478CFE25E1F29AEF8BA6F2FAF3E6C2B34BF18CA77052813903E10ADDCCD5 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:41:07.0165 0x15b8 SunJavaUpdateSched - ok
19:41:07.0201 0x15b8 [ 3525994B92F56740C64B5412AEF1411D, 08FB7F8E1C34109699F9431D56CE0E502E165A01C7494BD7AE35A687C45CC942 ] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
19:41:07.0214 0x15b8 Copperhead - detected UnsignedFile.Multi.Generic ( 1 )
19:41:14.0202 0x15b8 Detect skipped due to KSN trusted
19:41:14.0202 0x15b8 Copperhead - ok
19:41:14.0344 0x15b8 [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
19:41:14.0365 0x15b8 Raptr - ok
19:41:14.0431 0x15b8 [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
19:41:14.0455 0x15b8 StartCCC - ok
19:41:14.0522 0x15b8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:41:14.0559 0x15b8 Sidebar - ok
19:41:14.0587 0x15b8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:41:14.0609 0x15b8 mctadmin - ok
19:41:14.0639 0x15b8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:41:14.0665 0x15b8 Sidebar - ok
19:41:14.0671 0x15b8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:41:14.0681 0x15b8 mctadmin - ok
19:41:14.0768 0x15b8 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
19:41:14.0814 0x15b8 Sidebar - ok
19:41:14.0851 0x15b8 authenticator - ok
19:41:14.0851 0x15b8 Waiting for KSN requests completion. In queue: 195
19:41:15.0851 0x15b8 Waiting for KSN requests completion. In queue: 195
19:41:16.0852 0x15b8 Waiting for KSN requests completion. In queue: 195
19:41:17.0539 0x1680 Object send P2P result: true
19:41:17.0545 0x1680 Object required for P2P: [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial
19:41:17.0852 0x15b8 Waiting for KSN requests completion. In queue: 97
19:41:18.0852 0x15b8 Waiting for KSN requests completion. In queue: 90
19:41:19.0852 0x15b8 Waiting for KSN requests completion. In queue: 90
19:41:20.0852 0x15b8 Waiting for KSN requests completion. In queue: 90
19:41:21.0852 0x15b8 Waiting for KSN requests completion. In queue: 90
19:41:22.0852 0x15b8 Waiting for KSN requests completion.
In queue: 90 19:41:23.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:24.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:25.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:26.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:27.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:28.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:29.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:30.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:31.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:32.0852 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:33.0853 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:34.0853 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:35.0853 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:36.0853 0x15b8 Waiting for KSN requests completion. In queue: 90 19:41:37.0547 0x1680 Object send P2P result: false 19:41:37.0859 0x15b8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated ) 19:41:37.0869 0x15b8 Win FW state via NFP2: enabled 19:41:40.0528 0x15b8 ============================================================ 19:41:40.0528 0x15b8 Scan finished 19:41:40.0528 0x15b8 ============================================================ 19:41:40.0532 0x1288 Detected object count: 1 19:41:40.0532 0x1288 Actual detected object count: 1 19:42:16.0986 0x1288 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 19:42:16.0986 0x1288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip Geändert von IIArtyII (05.02.2015 um 19:43 Uhr) Grund: Rechtschreibung |
06.02.2015, 07:51 | #4 | |
/// the machine /// TB Instructor | Access to online banking blocked due to "NYMAIN" infection Quote:
Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and choose "Run as administrator".
For example: C:\TDSSKiller.<version_date_time>log.txt Please post the contents here in your thread.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.02.2015, 09:25 | #5 |
| Access to online banking blocked due to "NYMAIN" infection Code:
09:13:33.0743 0x118c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:13:36.0832 0x118c ============================================================
09:13:36.0832 0x118c Current date / time: 2015/02/06 09:13:36.0832
09:13:36.0832 0x118c SystemInfo:
09:13:36.0832 0x118c
09:13:36.0832 0x118c OS Version: 6.1.7601 ServicePack: 1.0
09:13:36.0832 0x118c Product type: Workstation
09:13:36.0832 0x118c ComputerName: ARTY-PC
09:13:36.0832 0x118c UserName: Arty
09:13:36.0832 0x118c Windows directory: C:\Windows
09:13:36.0832 0x118c System windows directory: C:\Windows
09:13:36.0832 0x118c Running under WOW64
09:13:36.0832 0x118c Processor architecture: Intel x64
09:13:36.0832 0x118c Number of processors: 8
09:13:36.0832 0x118c Page size: 0x1000
09:13:36.0832 0x118c Boot type: Normal boot
09:13:36.0832 0x118c ============================================================
09:13:39.0031 0x118c KLMD registered as C:\Windows\system32\drivers\34344064.sys
09:13:39.0452 0x118c System UUID: {D7F159AB-3360-B335-5E46-29ECA33905BD}
09:13:40.0092 0x118c Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xC9E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:13:40.0108 0x118c Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:45.0100 0x118c Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:45.0100 0x118c ============================================================
09:13:45.0100 0x118c \Device\Harddisk0\DR0:
09:13:45.0100 0x118c MBR partitions:
09:13:45.0100 0x118c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:13:45.0100 0x118c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2E905800
09:13:45.0100 0x118c \Device\Harddisk1\DR1:
09:13:45.0100 0x118c MBR partitions:
09:13:45.0100 0x118c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
09:13:45.0100 0x118c \Device\Harddisk2\DR2:
09:13:45.0100 0x118c MBR partitions:
09:13:45.0100 0x118c \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
09:13:45.0100 0x118c ============================================================
09:13:45.0146 0x118c C: <-> \Device\Harddisk0\DR0\Partition2
09:13:45.0178 0x118c D: <-> \Device\Harddisk0\DR0\Partition1
09:13:45.0193 0x118c F: <-> \Device\Harddisk1\DR1\Partition1
09:13:45.0193 0x118c G: <-> \Device\Harddisk2\DR2\Partition1
09:13:45.0193 0x118c ============================================================
09:13:45.0193 0x118c Initialize success
09:13:45.0193 0x118c ============================================================
09:13:56.0207 0x0d08 ============================================================
09:13:56.0207 0x0d08 Scan started
09:13:56.0207 0x0d08 Mode: Manual; SigCheck; TDLFS;
09:13:56.0207 0x0d08 ============================================================
09:13:56.0207 0x0d08 KSN ping started
09:13:58.0906 0x0d08 KSN ping finished: true
09:13:59.0888 0x0d08 ================ Scan system memory ========================
09:13:59.0888 0x0d08 System memory - ok
09:13:59.0888 0x0d08 ================ Scan services =============================
5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:14:08.0156 0x0d08 iirsp - ok 09:14:08.0188 0x0d08 [ FF604BCE2537A4734DA0CE19AD9B7B7A, E40E87961F46B374122ED2B06E79C575FCFA4D29F95763ADC7E88270D064AFE8 ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys 09:14:08.0203 0x0d08 ikbevent - ok 09:14:08.0250 0x0d08 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 09:14:08.0297 0x0d08 IKEEXT - ok 09:14:08.0312 0x0d08 [ 298E67827BE3C4403C32EAB66987A334, BE7D95E2BB0D6D60B40966305D0354CA93F773FD2FA2727F1076DC8E162D5EB1 ] imsevent C:\Windows\system32\DRIVERS\imsevent.sys 09:14:08.0328 0x0d08 imsevent - ok 09:14:08.0328 0x0d08 [ 4709FA618952E381ED9BF40B524E8EAC, FA6B7EEA1F122BE8731C4B26F5BA21F5B73F19BBD85F938AFF66E8558C793682 ] INETMON C:\Windows\System32\Drivers\INETMON.sys 09:14:08.0344 0x0d08 INETMON - ok 09:14:08.0484 0x0d08 [ 70DD225646BF84233E18890583E57EFB, 657CFBEBE5C131873BB0B28F6C719772E19D51B48A795E459C388C8EC5EE655B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 09:14:08.0531 0x0d08 IntcAzAudAddService - ok 09:14:08.0640 0x0d08 [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 09:14:09.0014 0x0d08 Intel(R) Capability Licensing Service TCP IP Interface - ok 09:14:09.0030 0x0d08 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 09:14:09.0030 0x0d08 intelide - ok 09:14:09.0061 0x0d08 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:14:09.0077 0x0d08 intelppm - ok 09:14:09.0108 0x0d08 [ 098A91C54546A3B878DAD6A7E90A455B, 
044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:14:09.0139 0x0d08 IPBusEnum - ok 09:14:09.0170 0x0d08 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:14:09.0202 0x0d08 IpFilterDriver - ok 09:14:09.0233 0x0d08 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:14:09.0264 0x0d08 iphlpsvc - ok 09:14:09.0295 0x0d08 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:14:09.0311 0x0d08 IPMIDRV - ok 09:14:09.0342 0x0d08 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:14:09.0373 0x0d08 IPNAT - ok 09:14:09.0389 0x0d08 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:14:09.0467 0x0d08 IRENUM - ok 09:14:09.0482 0x0d08 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:14:09.0482 0x0d08 isapnp - ok 09:14:09.0498 0x0d08 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:14:09.0514 0x0d08 iScsiPrt - ok 09:14:09.0545 0x0d08 [ 35C0995BCDB0E45D1EEBE4FB582D1563, 67B44EE25B8FF5778AC58255265536EC4CC444A5A8368D6311DEDAF58357E5ED ] ISCT C:\Windows\system32\DRIVERS\ISCTD.sys 09:14:09.0560 0x0d08 ISCT - ok 09:14:09.0592 0x0d08 [ B6064D8C7500E416BC0B7CB2A8474D3A, 824CD7539398119DEF147EEDDBF010EA9B6184B8FA4B17BDDC0D9948F0F66991 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 
09:14:09.0607 0x0d08 ISCTAgent - ok 09:14:09.0638 0x0d08 [ 45392E76EE30DC9C8F0181C785F0BA48, 7FB522E1AA9B877B9FB1A29C2ADC42EA794E8864AD2411AD275F00F00547F8F3 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 09:14:09.0638 0x0d08 iusb3hcs - ok 09:14:09.0685 0x0d08 [ C6E8FB7FF41877378CCB30DE6E9941DF, CA808A00C0CC21C1C7BE54F0D1E5D3F24C0032BE821C064E0A63901F20F3C6BC ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 09:14:09.0685 0x0d08 iusb3hub - ok 09:14:09.0748 0x0d08 [ 6FBA980433B2B21604CE990FBF542D3F, ACB35A5558DD9EF9A339C9D061207AF5527D3AEFC9AC99AB6CFBA1CE92F8B62D ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 09:14:09.0763 0x0d08 iusb3xhc - ok 09:14:09.0794 0x0d08 [ BDC9C7931DB723CB1AF9F7075EA06645, EEBD5DC9C4656F14F8F0A0A5E84657B6B2BA35283E0E571119DA82F131D5C21B ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 09:14:09.0810 0x0d08 jhi_service - ok 09:14:09.0826 0x0d08 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:14:09.0826 0x0d08 kbdclass - ok 09:14:09.0841 0x0d08 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:14:09.0857 0x0d08 kbdhid - ok 09:14:09.0872 0x0d08 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 09:14:09.0888 0x0d08 KeyIso - ok 09:14:09.0904 0x0d08 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:14:09.0919 0x0d08 KSecDD - ok 09:14:09.0935 0x0d08 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:14:09.0935 0x0d08 KSecPkg - ok 09:14:09.0950 0x0d08 [ 6869281E78CB31A43E969F06B57347C4, 
866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:14:09.0997 0x0d08 ksthunk - ok 09:14:10.0013 0x0d08 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 09:14:10.0060 0x0d08 KtmRm - ok 09:14:10.0091 0x0d08 [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys 09:14:10.0106 0x0d08 LADF_CaptureOnly - ok 09:14:10.0122 0x0d08 [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys 09:14:10.0122 0x0d08 LADF_RenderOnly - ok 09:14:10.0169 0x0d08 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:14:10.0200 0x0d08 LanmanServer - ok 09:14:10.0231 0x0d08 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:14:10.0262 0x0d08 LanmanWorkstation - ok 09:14:10.0294 0x0d08 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 09:14:10.0294 0x0d08 LGBusEnum - ok 09:14:10.0325 0x0d08 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 09:14:10.0325 0x0d08 LGVirHid - ok 09:14:10.0356 0x0d08 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:14:10.0387 0x0d08 lltdio - ok 09:14:10.0418 0x0d08 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc 
C:\Windows\System32\lltdsvc.dll 09:14:10.0465 0x0d08 lltdsvc - ok 09:14:10.0481 0x0d08 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:14:10.0496 0x0d08 lmhosts - ok 09:14:10.0543 0x0d08 [ A7D2A96187E5C5F4F7650900A15788AA, F131C3E8206A89A9244ECF2507F4FC1A8550E594A58F75338939A54C973078AF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 09:14:10.0559 0x0d08 LMS - ok 09:14:10.0574 0x0d08 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:14:10.0574 0x0d08 LSI_FC - ok 09:14:10.0621 0x0d08 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:14:10.0621 0x0d08 LSI_SAS - ok 09:14:10.0637 0x0d08 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:14:10.0637 0x0d08 LSI_SAS2 - ok 09:14:10.0652 0x0d08 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:14:10.0652 0x0d08 LSI_SCSI - ok 09:14:10.0668 0x0d08 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 09:14:10.0699 0x0d08 luafv - ok 09:14:10.0715 0x0d08 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:14:10.0746 0x0d08 Mcx2Svc - ok 09:14:10.0777 0x0d08 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 09:14:10.0777 0x0d08 megasas - ok 09:14:10.0793 0x0d08 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 
85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:14:10.0808 0x0d08 MegaSR - ok 09:14:10.0840 0x0d08 [ AFEA4FAABCE6F0C299E9231FF4F466BE, BCF0C50F02C4AC2784139935F3756F5C4D24FCAF07ACD9567B87991A9D1F16DB ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys 09:14:10.0840 0x0d08 MEIx64 - ok 09:14:10.0871 0x0d08 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 09:14:10.0902 0x0d08 MMCSS - ok 09:14:10.0918 0x0d08 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 09:14:10.0949 0x0d08 Modem - ok 09:14:10.0980 0x0d08 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:14:10.0996 0x0d08 monitor - ok 09:14:11.0027 0x0d08 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:14:11.0027 0x0d08 mouclass - ok 09:14:11.0089 0x0d08 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:14:11.0105 0x0d08 mouhid - ok 09:14:11.0136 0x0d08 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:14:11.0152 0x0d08 mountmgr - ok 09:14:11.0167 0x0d08 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:14:11.0183 0x0d08 MozillaMaintenance - ok 09:14:11.0198 0x0d08 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter 
C:\Windows\system32\DRIVERS\MpFilter.sys 09:14:11.0214 0x0d08 MpFilter - ok 09:14:11.0230 0x0d08 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 09:14:11.0245 0x0d08 mpio - ok 09:14:11.0276 0x0d08 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:14:11.0292 0x0d08 mpsdrv - ok 09:14:11.0339 0x0d08 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:14:11.0386 0x0d08 MpsSvc - ok 09:14:11.0432 0x0d08 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:14:11.0464 0x0d08 MRxDAV - ok 09:14:11.0479 0x0d08 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:14:11.0526 0x0d08 mrxsmb - ok 09:14:11.0557 0x0d08 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:14:11.0573 0x0d08 mrxsmb10 - ok 09:14:11.0604 0x0d08 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:14:11.0604 0x0d08 mrxsmb20 - ok 09:14:11.0635 0x0d08 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 09:14:11.0635 0x0d08 msahci - ok 09:14:11.0651 0x0d08 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:14:11.0651 0x0d08 msdsm - ok 09:14:11.0666 0x0d08 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 
2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 09:14:11.0698 0x0d08 MSDTC - ok 09:14:11.0713 0x0d08 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:14:11.0729 0x0d08 Msfs - ok 09:14:11.0744 0x0d08 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:14:11.0776 0x0d08 mshidkmdf - ok 09:14:11.0776 0x0d08 MSICDSetup - ok 09:14:11.0807 0x0d08 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:14:11.0807 0x0d08 msisadrv - ok 09:14:11.0838 0x0d08 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:14:11.0885 0x0d08 MSiSCSI - ok 09:14:11.0885 0x0d08 msiserver - ok 09:14:11.0916 0x0d08 [ 6AFCD25B843D0C731B6987E39995AE72, FD0F2E15B0CEB1E558BD8A02D59B9002706A003049678281A446BC4398862B70 ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe 09:14:11.0916 0x0d08 MSI_SuperCharger - ok 09:14:11.0947 0x0d08 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:14:11.0978 0x0d08 MSKSSRV - ok 09:14:12.0025 0x0d08 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 09:14:12.0025 0x0d08 MsMpSvc - ok 09:14:12.0041 0x0d08 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:14:12.0072 0x0d08 MSPCLOCK - ok 09:14:12.0088 0x0d08 [ 4ED981241DB27C3383D72092B618A1D0, 
E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:14:12.0119 0x0d08 MSPQM - ok 09:14:12.0150 0x0d08 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:14:12.0166 0x0d08 MsRPC - ok 09:14:12.0181 0x0d08 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:14:12.0197 0x0d08 mssmbios - ok 09:14:12.0212 0x0d08 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:14:12.0259 0x0d08 MSTEE - ok 09:14:12.0259 0x0d08 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:14:12.0290 0x0d08 MTConfig - ok 09:14:12.0306 0x0d08 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 09:14:12.0306 0x0d08 Mup - ok 09:14:12.0337 0x0d08 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 09:14:12.0384 0x0d08 napagent - ok 09:14:12.0400 0x0d08 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:14:12.0431 0x0d08 NativeWifiP - ok 09:14:12.0478 0x0d08 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys 09:14:12.0509 0x0d08 NDIS - ok 09:14:12.0524 0x0d08 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:14:12.0540 0x0d08 NdisCap - ok 09:14:12.0556 0x0d08 [ 
30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:14:12.0587 0x0d08 NdisTapi - ok 09:14:12.0618 0x0d08 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:14:12.0649 0x0d08 Ndisuio - ok 09:14:12.0665 0x0d08 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:14:12.0712 0x0d08 NdisWan - ok 09:14:12.0712 0x0d08 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:14:12.0758 0x0d08 NDProxy - ok 09:14:12.0774 0x0d08 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:14:12.0805 0x0d08 NetBIOS - ok 09:14:12.0836 0x0d08 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:14:12.0868 0x0d08 NetBT - ok 09:14:12.0883 0x0d08 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 09:14:12.0899 0x0d08 Netlogon - ok 09:14:12.0946 0x0d08 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 09:14:12.0977 0x0d08 Netman - ok 09:14:13.0008 0x0d08 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:14:13.0008 0x0d08 NetMsmqActivator - ok 09:14:13.0024 0x0d08 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:14:13.0039 0x0d08 NetPipeActivator - ok 09:14:13.0086 0x0d08 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 09:14:13.0133 0x0d08 netprofm - ok 09:14:13.0133 0x0d08 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:14:13.0148 0x0d08 NetTcpActivator - ok 09:14:13.0148 0x0d08 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 09:14:13.0164 0x0d08 NetTcpPortSharing - ok 09:14:13.0211 0x0d08 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 09:14:13.0211 0x0d08 nfrd960 - ok 09:14:13.0242 0x0d08 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 09:14:13.0258 0x0d08 NisDrv - ok 09:14:13.0273 0x0d08 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 09:14:13.0289 0x0d08 NisSrv - ok 09:14:13.0336 0x0d08 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:14:13.0367 0x0d08 NlaSvc - ok 09:14:13.0382 0x0d08 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 09:14:13.0414 0x0d08 Npfs - ok 09:14:13.0429 0x0d08 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 09:14:13.0460 0x0d08 
nsi - ok 09:14:13.0476 0x0d08 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:14:13.0507 0x0d08 nsiproxy - ok 09:14:13.0585 0x0d08 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:14:13.0616 0x0d08 Ntfs - ok 09:14:13.0648 0x0d08 [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3 C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys 09:14:13.0663 0x0d08 NTIOLib_1_0_3 - ok 09:14:13.0663 0x0d08 NTIOLib_1_0_C - ok 09:14:13.0679 0x0d08 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 09:14:13.0710 0x0d08 Null - ok 09:14:13.0741 0x0d08 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:14:13.0741 0x0d08 nvraid - ok 09:14:13.0757 0x0d08 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:14:13.0772 0x0d08 nvstor - ok 09:14:13.0772 0x0d08 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:14:13.0788 0x0d08 nv_agp - ok 09:14:13.0804 0x0d08 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:14:13.0804 0x0d08 ohci1394 - ok 09:14:13.0897 0x0d08 [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe 09:14:13.0944 0x0d08 Origin Client Service - ok 09:14:13.0991 0x0d08 [ 
3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:14:14.0022 0x0d08 p2pimsvc - ok 09:14:14.0053 0x0d08 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 09:14:14.0069 0x0d08 p2psvc - ok 09:14:14.0100 0x0d08 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 09:14:14.0100 0x0d08 Parport - ok 09:14:14.0131 0x0d08 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:14:14.0147 0x0d08 partmgr - ok 09:14:14.0162 0x0d08 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 09:14:14.0194 0x0d08 PcaSvc - ok 09:14:14.0225 0x0d08 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 09:14:14.0240 0x0d08 pci - ok 09:14:14.0256 0x0d08 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 09:14:14.0256 0x0d08 pciide - ok 09:14:14.0287 0x0d08 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 09:14:14.0287 0x0d08 pcmcia - ok 09:14:14.0303 0x0d08 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 09:14:14.0318 0x0d08 pcw - ok 09:14:14.0350 0x0d08 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:14:14.0396 0x0d08 PEAUTH - ok 09:14:14.0443 0x0d08 [ 
E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
09:14:23.0850 0x0d08 wscsvc - ok
09:14:23.0850 0x0d08 WSearch - ok
09:14:23.0944 0x0d08 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
09:14:24.0006 0x0d08 wuauserv - ok
09:14:24.0022 0x0d08 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:14:24.0053 0x0d08 WudfPf - ok
09:14:24.0084 0x0d08 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:24.0115 0x0d08 WUDFRd - ok
09:14:24.0146 0x0d08 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:14:24.0146 0x0ae8 Object required for P2P: [ 975761C778E33CD22498059B91E7373A ] HdAudAddService
09:14:24.0162 0x0d08 wudfsvc - ok
09:14:24.0193 0x0d08 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:14:24.0224 0x0d08 WwanSvc - ok
09:14:24.0271 0x0d08 [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
09:14:24.0318 0x0d08 xnacc - ok
09:14:24.0334 0x0d08 ================ Scan global ===============================
09:14:24.0380 0x0d08 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:14:24.0396 0x0d08 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:14:24.0412 0x0d08 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:14:24.0443 0x0d08 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:14:24.0474 0x0d08 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:14:24.0474 0x0d08 [ Global ] - ok
09:14:24.0474 0x0d08 ================ Scan MBR ==================================
09:14:24.0474 0x0d08 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:14:24.0599 0x0d08 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
09:14:24.0599 0x0d08 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:14:26.0954 0x0ae8 Object send P2P result: true
09:14:26.0970 0x0ae8 Object required for P2P: [ DDC86E4F8E7456261E637E3552E804FF ] rspndr
09:14:27.0344 0x0d08 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:14:27.0485 0x0d08 \Device\Harddisk1\DR1 - ok
09:14:27.0500 0x0d08 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:14:28.0218 0x0d08 \Device\Harddisk2\DR2 - ok
09:14:28.0218 0x0d08 ================ Scan VBR ==================================
09:14:28.0218 0x0d08 [ 632A3749F19F5B2BA85962E5567E19EB ] \Device\Harddisk0\DR0\Partition1
09:14:28.0234 0x0d08 \Device\Harddisk0\DR0\Partition1 - ok
09:14:28.0234 0x0d08 [ EFDD704EE2CD7B9694F0617C5443D0A5 ] \Device\Harddisk0\DR0\Partition2
09:14:28.0234 0x0d08 \Device\Harddisk0\DR0\Partition2 - ok
09:14:28.0234 0x0d08 [ A193457624ED7282A21297A34FCB2B87 ] \Device\Harddisk1\DR1\Partition1
09:14:28.0234 0x0d08 \Device\Harddisk1\DR1\Partition1 - ok
09:14:28.0234 0x0d08 [ 4EFA31740DC501FB6E91B21980F68E48 ] \Device\Harddisk2\DR2\Partition1
09:14:28.0312 0x0d08 \Device\Harddisk2\DR2\Partition1 - ok
09:14:28.0312 0x0d08 ================ Scan generic autorun ======================
09:14:28.0561 0x0d08 [ A433600D55D6C7E165954009FA0149E0, DCEE341BF3AC501E150D64C9BF7FA697939D03480DF7A14BA28ACCB17F638D1C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
09:14:28.0780 0x0d08 RTHDVCPL - ok
09:14:28.0982 0x0d08 [ 920D0E9C8DD3879B45A547C9081E425B, FD7C4443B8D085526221F93581F0CDFCB0A9D886EB7A0FF01054DD4EC9E4EEA5 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
09:14:29.0154 0x0d08 ISCT Tray - ok
09:14:29.0497 0x0d08 [ E96A89F58BE362CFE38EDD5D9613E72A, C1102FB2BDC93C963D8DB9D0D4107A547D5E2FFE32A2437E70D0A3D91D1CF526 ] C:\Program Files\Logitech Gaming Software\LCore.exe
09:14:29.0825 0x0ae8 Object send P2P result: true
09:14:29.0825 0x0ae8 Object required for P2P: [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial
09:14:29.0840 0x0d08 Launch LCore - ok
09:14:29.0918 0x0d08 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
09:14:29.0965 0x0d08 MSC - ok
09:14:30.0012 0x0d08 [ E4E7B29D050F5480071984FE6543C311, 9A4D8D1702AE74AB4FE4367EAF4AD6500F59D4F25B3CCACE3EF07613B7B5853C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
09:14:30.0028 0x0d08 USB3MON - ok
09:14:30.0121 0x0d08 [ B0FCC4B7BB21FA6112532D424EE1B1AD, 294EAD47F50C69A61D97AFB1A07BBC37D3FCA5F6DAABD05FF7372B282C2CD4EB ] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
09:14:30.0137 0x0d08 Super Charger - ok
09:14:30.0168 0x0d08 [ 12916E0642E92561C98B18A2A2D01B14, 4C28478CFE25E1F29AEF8BA6F2FAF3E6C2B34BF18CA77052813903E10ADDCCD5 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:14:30.0184 0x0d08 SunJavaUpdateSched - ok
09:14:30.0215 0x0d08 [ 3525994B92F56740C64B5412AEF1411D, 08FB7F8E1C34109699F9431D56CE0E502E165A01C7494BD7AE35A687C45CC942 ] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
09:14:30.0230 0x0d08 Copperhead - detected UnsignedFile.Multi.Generic ( 1 )
09:14:32.0602 0x0ae8 Object send P2P result: true
09:14:33.0148 0x0d08
Detect skipped due to KSN trusted 09:14:33.0148 0x0d08 Copperhead - ok 09:14:33.0210 0x0d08 [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe 09:14:33.0210 0x0d08 Raptr - ok 09:14:33.0257 0x0d08 [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe 09:14:33.0288 0x0d08 StartCCC - ok 09:14:33.0350 0x0d08 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:14:33.0413 0x0d08 Sidebar - ok 09:14:33.0444 0x0d08 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:14:33.0460 0x0d08 mctadmin - ok 09:14:33.0491 0x0d08 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:14:33.0522 0x0d08 Sidebar - ok 09:14:33.0522 0x0d08 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:14:33.0538 0x0d08 mctadmin - ok 09:14:33.0631 0x0d08 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe 09:14:33.0678 0x0d08 Sidebar - ok 09:14:33.0725 0x0d08 authenticator - ok 09:14:33.0725 0x0d08 Waiting for KSN requests completion. In queue: 14 09:14:34.0739 0x0d08 Waiting for KSN requests completion. In queue: 14 09:14:35.0753 0x0d08 Waiting for KSN requests completion. 
In queue: 7
09:14:36.0767 0x0d08 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
09:14:36.0767 0x0d08 Win FW state via NFP2: enabled
09:14:39.0481 0x0d08 ============================================================
09:14:39.0481 0x0d08 Scan finished
09:14:39.0481 0x0d08 ============================================================
09:14:39.0481 0x0ce8 Detected object count: 1
09:14:39.0481 0x0ce8 Actual detected object count: 1
09:18:28.0316 0x0ce8 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
09:18:28.0316 0x0ce8 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:18:28.0332 0x0ce8 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:18:28.0379 0x0ce8 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:18:28.0784 0x0ce8 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:18:28.0800 0x0ce8 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:18:28.0878 0x0ce8 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:18:28.0925 0x0ce8 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:18:28.0971 0x0ce8 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:18:29.0049 0x0ce8 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
09:18:29.0049 0x0ce8 \Device\Harddisk0\DR0\TDLFS - deleted
09:18:29.0049 0x0ce8 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
06.02.2015, 10:50 | #6 |
/// the machine /// TB trainer | Hi, scan with ComboFix
06.02.2015, 11:19 | #7 |
| I had ended MSE via the Task Manager. ComboFix complained anyway. In the Task Manager I found the file "MsMpEng.exe", but I could not end it. I have now run ComboFix anyway. There was no prompt to restart. Here is the log Code:
ATTFilter ComboFix 15-02-02.01 - Arty 06.02.2015 10:58:22.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8125.6421 [GMT 1:00] ausgeführt von:: c:\users\Arty\Desktop\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-01-06 bis 2015-02-06 )))))))))))))))))))))))))))))) . . 2015-02-06 10:11 . 2015-02-06 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-06 08:18 . 2015-02-06 08:18 -------- d-----w- C:\TDSSKiller_Quarantine 2015-02-06 00:03 . 2014-12-02 01:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B38D444-828D-4C05-A219-0A805199D423}\mpengine.dll 2015-02-05 03:09 . 2015-02-05 16:27 -------- d-----w- C:\FRST 2015-02-04 05:43 . 2014-12-02 01:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-02-03 12:06 . 2015-02-03 12:06 -------- d-----w- c:\program files (x86)\AP Tuner 2015-01-31 19:25 . 2015-01-31 19:25 -------- d-----w- c:\program files\Microsoft Silverlight 2015-01-31 19:25 . 2015-01-31 19:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2015-01-28 14:46 . 2015-02-03 09:48 -------- d-----w- C:\AdwCleaner 2015-01-23 22:08 . 2015-01-23 22:52 -------- d-----w- c:\users\Arty\AppData\Local\Warframe 2015-01-22 05:36 . 2015-01-09 16:16 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75E5A663-4F62-4B76-B7DC-121077B7C6F4}\gapaengine.dll 2015-01-20 10:12 . 2015-01-20 10:12 -------- d-----w- c:\users\Arty\AppData\Local\CAPCOM 2015-01-16 02:43 . 
2015-01-16 02:45 -------- d-----w- c:\program files (x86)\MP3Gain 2015-01-16 02:41 . 2015-01-16 02:41 -------- d-----w- c:\program files (x86)\Lame For Audacity 2015-01-16 02:36 . 2015-01-16 06:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2015-01-12 08:16 . 2015-01-14 02:26 -------- d--h--w- c:\users\Arty\AppData\Roaming\Bother_fall 2015-01-11 05:43 . 2015-01-09 16:16 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-01-09 16:15 . 2015-01-09 16:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2015-01-09 16:15 . 2015-01-09 16:15 -------- d-----w- c:\program files\Microsoft Security Client 2015-01-09 16:13 . 2015-01-09 16:14 -------- d-----w- C:\OETemp 2015-01-09 13:27 . 2015-01-13 02:38 -------- d--h--w- c:\users\Arty\AppData\Local\Angle-improve 2015-01-08 18:45 . 2015-01-09 16:10 -------- d--h--w- c:\users\Arty\AppData\Roaming\Buttontrade 2015-01-08 16:49 . 2014-12-15 03:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E68AD17-595F-4E1C-8B60-26E059063755}\mpengine.dll 2015-01-08 16:49 . 2014-12-31 11:14 298120 ------w- c:\windows\system32\MpSigStub.exe 2015-01-08 13:11 . 2015-01-09 02:35 -------- d--h--w- c:\users\Arty\AppData\Roaming\Jpeq 2015-01-08 12:45 . 2015-01-08 12:45 -------- d-----w- c:\programdata\Battle.net 2015-01-08 12:40 . 2015-01-09 16:10 -------- d--h--w- c:\users\Arty\AppData\Roaming\Botherattempt 2015-01-08 08:30 . 2015-01-13 11:15 -------- d-----w- c:\programdata\mvyatvj 2015-01-07 16:16 . 2015-01-07 16:16 -------- d-----w- c:\program files\VSTplugins 2015-01-07 16:16 . 2015-01-07 16:16 -------- d-----w- c:\program files\Audiffex 2015-01-07 16:12 . 2015-01-07 16:12 -------- d-----w- c:\windows\system32\IO . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-05 18:08 . 
2014-10-24 05:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-05 18:08 . 2014-10-24 05:08 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-05 16:22 . 2014-10-24 16:02 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-12-23 21:41 . 2014-12-03 22:03 174112 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe 2014-11-21 05:14 . 2014-10-24 16:02 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-11-21 05:14 . 2014-10-24 16:02 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-11-21 05:14 . 2014-10-24 16:02 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-11-21 02:44 . 2014-12-28 09:30 128384 ----a-w- c:\windows\system32\amdhcp64.dll 2014-11-21 02:44 . 2014-12-28 09:30 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll 2014-11-21 02:44 . 2014-12-28 09:30 78432 ----a-w- c:\windows\system32\atimpc64.dll 2014-11-21 02:44 . 2014-12-28 09:30 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2014-11-21 02:44 . 2014-12-28 09:30 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2014-11-21 02:44 . 2014-12-28 09:30 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2014-11-21 02:44 . 2014-10-23 20:19 144328 ----a-w- c:\windows\system32\atiuxp64.dll 2014-11-21 02:44 . 2014-12-28 09:30 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2014-11-21 02:44 . 2014-10-23 20:19 118096 ----a-w- c:\windows\system32\atiu9p64.dll 2014-11-21 02:44 . 2014-10-23 20:19 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2014-11-21 02:44 . 2014-10-23 20:19 1348928 ----a-w- c:\windows\system32\aticfx64.dll 2014-11-21 02:44 . 2014-10-23 20:19 1127496 ----a-w- c:\windows\SysWow64\aticfx32.dll 2014-11-21 02:44 . 2014-10-23 20:19 11076784 ----a-w- c:\windows\system32\atidxx64.dll 2014-11-21 02:44 . 2014-12-28 09:30 9401480 ----a-w- c:\windows\SysWow64\atidxx32.dll 2014-11-21 02:43 . 2014-10-23 20:19 7558816 ----a-w- c:\windows\SysWow64\atiumdva.dll 2014-11-21 02:43 . 
2014-10-23 20:19 7077776 ----a-w- c:\windows\SysWow64\atiumdag.dll 2014-11-21 02:43 . 2014-10-23 20:19 8379720 ----a-w- c:\windows\system32\atiumd6a.dll 2014-11-21 02:43 . 2014-10-23 20:19 8369408 ----a-w- c:\windows\system32\atiumd64.dll 2014-11-21 02:41 . 2014-12-28 09:30 294600 ----a-w- c:\windows\system32\drivers\amdacpksd.sys 2014-11-21 02:40 . 2014-12-28 09:30 18959360 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2014-11-21 02:33 . 2014-12-28 09:30 235008 ----a-w- c:\windows\system32\clinfo.exe 2014-11-21 02:33 . 2014-12-28 09:30 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2014-11-21 02:33 . 2014-12-28 09:30 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2014-11-21 02:33 . 2014-12-28 09:30 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2014-11-21 02:33 . 2014-12-28 09:30 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll 2014-11-21 02:33 . 2014-12-28 09:30 47899136 ----a-w- c:\windows\system32\amdocl64.dll 2014-11-21 02:32 . 2014-12-28 09:30 40987136 ----a-w- c:\windows\SysWow64\amdocl.dll 2014-11-21 02:31 . 2014-12-28 09:30 65024 ----a-w- c:\windows\system32\OpenCL.dll 2014-11-21 02:31 . 2014-12-28 09:30 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-11-21 02:24 . 2014-12-28 09:30 28354560 ----a-w- c:\windows\system32\atio6axx.dll 2014-11-21 02:19 . 2014-12-28 09:30 23621632 ----a-w- c:\windows\SysWow64\atioglxx.dll 2014-11-21 02:19 . 2014-12-28 09:30 49664 ----a-w- c:\windows\system32\amdmmcl6.dll 2014-11-21 02:19 . 2014-12-28 09:30 38912 ----a-w- c:\windows\SysWow64\amdmmcl.dll 2014-11-21 02:18 . 2014-12-28 09:30 127488 ----a-w- c:\windows\system32\mantle64.dll 2014-11-21 02:18 . 2014-12-28 09:30 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2014-11-21 02:18 . 2014-12-28 09:30 5837312 ----a-w- c:\windows\system32\amdmantle64.dll 2014-11-21 02:17 . 2014-12-28 09:30 367104 ----a-w- c:\windows\system32\atiapfxx.exe 2014-11-21 02:17 . 2014-12-28 09:30 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2014-11-21 02:17 . 
2014-12-28 09:30 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2014-11-21 02:16 . 2014-12-28 09:30 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2014-11-21 02:16 . 2014-12-28 09:30 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll 2014-11-21 02:16 . 2014-12-28 09:30 15716352 ----a-w- c:\windows\system32\aticaldd64.dll 2014-11-21 02:16 . 2014-12-28 09:30 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll 2014-11-21 02:15 . 2014-12-28 09:30 4590592 ----a-w- c:\windows\SysWow64\amdmantle32.dll 2014-11-21 02:13 . 2014-12-28 09:30 91648 ----a-w- c:\windows\system32\mantleaxl64.dll 2014-11-21 02:13 . 2014-12-28 09:30 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll 2014-11-21 02:12 . 2014-12-28 09:30 31232 ----a-w- c:\windows\system32\atimuixx.dll 2014-11-21 02:12 . 2014-10-23 20:19 442368 ----a-w- c:\windows\system32\atidemgy.dll 2014-11-21 02:12 . 2014-12-28 09:30 774656 ----a-w- c:\windows\system32\atieclxx.exe 2014-11-21 02:12 . 2014-12-28 09:30 244736 ----a-w- c:\windows\system32\atiesrxx.exe 2014-11-21 02:12 . 2014-12-28 09:30 190976 ----a-w- c:\windows\system32\atitmm64.dll 2014-11-21 02:10 . 2014-12-28 09:30 843776 ----a-w- c:\windows\system32\coinst_14.50.dll 2014-11-21 02:09 . 2014-12-28 09:30 95744 ----a-w- c:\windows\system32\amdave64.dll 2014-11-21 02:09 . 2014-10-23 20:19 90112 ----a-w- c:\windows\SysWow64\amdave32.dll 2014-11-21 02:09 . 2014-12-28 09:30 89088 ----a-w- c:\windows\system32\atisamu64.dll 2014-11-21 02:09 . 2014-12-28 09:30 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll 2014-11-21 02:09 . 2014-10-23 20:19 1214976 ----a-w- c:\windows\system32\atiadlxx.dll 2014-11-21 02:09 . 2014-12-28 09:30 903168 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2014-11-21 02:09 . 2014-12-28 09:30 75264 ----a-w- c:\windows\system32\atig6pxx.dll 2014-11-21 02:09 . 2014-12-28 09:30 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2014-11-21 02:09 . 2014-12-28 09:30 69632 ----a-w- c:\windows\system32\atiglpxx.dll 2014-11-21 02:08 . 
2014-12-28 09:30 146944 ----a-w- c:\windows\system32\atig6txx.dll 2014-11-21 02:08 . 2014-12-28 09:30 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll 2014-11-21 02:08 . 2014-12-28 09:30 589312 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2014-11-21 02:08 . 2014-12-28 09:30 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2014-11-20 20:36 . 2014-11-20 20:36 51200 ----a-w- c:\windows\system32\kdbsdk64.dll 2014-11-20 20:35 . 2014-11-20 20:35 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2014-11-20 13:03 . 2014-11-10 15:15 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-11-18 15:20 . 2014-11-10 15:15 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-11-10 16:50 . 2014-11-10 16:50 76152 ----a-w- c:\windows\system32\PnkBstrA.exe 2014-11-10 15:15 . 2014-11-10 15:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848] "Super Charger"="c:\program files (x86)\MSI\Super Charger\Super Charger.exe" [2014-04-08 1047536] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2009-11-19 135168] "Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-01-30 55568] "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x] R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x] R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x] R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 
Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x] S3 ikbevent;Intel Upper keyboard Class Filter 
Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x] S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x] S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Arty\AppData\Local\Temp\tmpA7E2.tmp;c:\users\Arty\AppData\Local\Temp\tmpA7E2.tmp [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WINRING0_1_2_0 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-02-06 00:13 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2015-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24 18:08] . 2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 15:56] . 2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 15:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-04 7543000] "ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-02-21 5860656] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-09-16 11877656] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mDefault_Search_URL = about:blank mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = about:blank TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\ FF - prefs.js: browser.startup.homepage - google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-authenticator - c:\programdata\Battle.net\Agent\Agent.3634\Logs\proxy\social.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe AddRemove-Steam App 218620 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 250620 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 252490 - c:\program files (x86)\Steam\steam.exe AddRemove-Steam App 730 - c:\program files (x86)\Steam\steam.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0] "ImagePath"="\??\c:\users\Arty\AppData\Local\Temp\tmpA7E2.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] @DACL=(02 0000) "ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin" "BuildNumber"=dword:00001db1 "FirstLogon"=dword:00000000 "ParseAutoexec"="1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-02-06 11:12:50 ComboFix-quarantined-files.txt 2015-02-06 10:12 . Vor Suchlauf: 17 Verzeichnis(se), 213.298.884.608 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 216.651.612.160 Bytes frei . - - End Of File - - A26CFF31586BC2688FE54DED45FE8817 A36C5E4F47E84449FF07ED3517B43A31 |
06.02.2015, 14:34 | #8 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
06.02.2015, 23:10 | #9 |
| Do you have a link where I can read up on what exactly infected me? I would be very interested to know. Here are the logs Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.02.2015
Suchlauf-Zeit: 22:40:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.06.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Arty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350315
Verstrichene Zeit: 12 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)
(end)

Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 22:56:33
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Arty - ARTY-PC
# Gestarted von : C:\Users\Arty\Desktop\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v35.0.1 (x86 de)
-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [2382 Bytes] - [28/01/2015 15:46:56]
AdwCleaner[R1].txt - [1082 Bytes] - [03/02/2015 10:47:02]
AdwCleaner[R2].txt - [1067 Bytes] - [06/02/2015 22:55:36]
AdwCleaner[S0].txt - [2354 Bytes] - [28/01/2015 15:48:02]
AdwCleaner[S1].txt - [1144 Bytes] - [03/02/2015 10:48:09]
AdwCleaner[S2].txt - [991 Bytes] - [06/02/2015 22:56:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1049 Bytes] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Arty on 06.02.2015 at 23:01:20,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Emptied folder: C:\Users\Arty\AppData\Roaming\mozilla\firefox\profiles\aftrhdfa.default-1414168415968\minidumps [41 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 23:03:11,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01 Ran by Arty (administrator) on ARTY-PC on 06-02-2015 23:04:56 Running from C:\Users\Arty\Desktop\Downloads Loaded Profiles: Arty (Available profiles: Arty) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe () C:\Windows\System32\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Razer\Copperhead\razertra.exe (Razer Inc.) 
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor) HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] () HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-768761217-1181827061-3865430075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968 FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml Chrome: ======= CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08] CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08] CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08] CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08] CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08] CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08] CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08] CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08] CHR Extension: (Avira Browserschutz) - 
C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08] CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08] CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08] CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] () R2 PnkBstrA; 
C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpED4A.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 23:03 - 2015-02-06 23:03 - 00000765 _____ () C:\Users\Arty\Desktop\JRT.txt 2015-02-06 22:59 - 2015-02-06 22:59 - 00001129 _____ () C:\Users\Arty\Desktop\AdwCleaner[S2].txt 2015-02-06 22:53 - 2015-02-06 22:53 - 00001200 _____ () C:\Users\Arty\Desktop\mbam.txt 2015-02-06 11:13 - 2015-02-06 11:13 - 00020721 _____ () C:\Users\Arty\Desktop\combofix.txt 2015-02-06 11:12 - 2015-02-06 11:12 - 00020721 _____ () C:\ComboFix.txt 2015-02-06 10:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-06 10:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-06 10:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-06 10:55 - 2015-02-06 11:12 - 00000000 ____D () C:\Qoobox 2015-02-06 10:54 - 2015-02-06 11:11 - 00000000 ____D () C:\Windows\erdnt 2015-02-06 09:32 - 2015-02-06 09:32 - 00006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2015-02-06 09:19 - 2015-02-06 09:19 - 00103613 _____ () C:\Users\Arty\Desktop\tdss.txt 2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 _____ () C:\Users\Arty\Desktop\Neues Textdokument.txt 2015-02-05 17:47 - 2015-02-05 17:47 - 00009718 _____ () C:\Users\Arty\Desktop\gmer.log 2015-02-05 17:28 - 2015-02-05 17:28 - 00038783 _____ () C:\Users\Arty\Desktop\Addition.txt 2015-02-05 17:27 - 2015-02-05 17:27 - 00025819 _____ () C:\Users\Arty\Desktop\FRST.txt 2015-02-05 17:27 - 
2015-02-05 17:27 - 00000470 _____ () C:\Users\Arty\Desktop\defogger_disable.log 2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable 2015-02-05 04:09 - 2015-02-06 23:04 - 00000000 ____D () C:\FRST 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner 2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk 2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-28 15:46 - 2015-02-06 22:56 - 00000000 ____D () C:\AdwCleaner 2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe 2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM 2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 
2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM 2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall 2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp 2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} 2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve 2015-01-08 19:45 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade 2015-01-08 17:49 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-08 14:11 - 2015-01-09 03:35 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq 2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 ____D () C:\ProgramData\Battle.net 2015-01-08 13:40 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt 2015-01-08 09:30 - 2015-01-13 12:15 - 00000000 ____D () C:\ProgramData\mvyatvj 2015-01-08 09:13 - 2015-01-29 20:14 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith 2015-01-07 17:21 - 2015-01-07 17:21 - 00000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga 2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiffex 2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\VSTplugins 2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D 
() C:\Program Files\Audiffex 2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\IO ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 23:03 - 2014-10-23 19:47 - 01235593 _____ () C:\Windows\WindowsUpdate.log 2015-02-06 22:59 - 2014-10-23 21:00 - 00043742 _____ () C:\Windows\SysWOW64\Gms.log 2015-02-06 22:58 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr 2015-02-06 22:58 - 2009-07-14 05:51 - 00115540 _____ () C:\Windows\setupact.log 2015-02-06 22:57 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 22:57 - 2014-10-23 20:54 - 00337784 _____ () C:\Windows\PFRO.log 2015-02-06 22:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 22:56 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 22:56 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 22:40 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 22:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-06 22:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-06 11:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-06 11:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-06 09:32 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0 2015-02-06 09:32 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8 2015-02-06 09:32 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity 2015-02-06 01:17 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin 2015-02-06 
01:17 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype 2015-02-06 01:16 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net 2015-02-06 01:14 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-05 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-02-05 19:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 19:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 19:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty 2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui 2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker 2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log 2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr 2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-01-13 07:54 - 2014-10-24 
06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe 2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk 2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker 2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5 2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft 2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini 2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini 2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga 2015-02-06 09:32 - 2015-02-06 09:32 - 0006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg 2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () 
C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Arty\AppData\Local\Temp\Quarantine.exe
C:\Users\Arty\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================
07.02.2015, 12:30 | #10 |
/// the machine /// TB trainer | Access to online banking blocked due to "NYMAIN" infection
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
08.02.2015, 00:23 | #11 |
| Access to online banking blocked due to "NYMAIN" infection
Man oh man, a warning about how long the ESET scanner takes would have been quite helpful.
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8451ef8a53d64c41a2a0e657a32cf886
# engine=22359
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-07 11:16:13
# local_time=2015-02-08 12:16:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2534456 46331367 0 0
# scanned=224910
# found=1
# cleaned=0
# scan_time=5110
sh=F8B02F66C8324F55FA16363C3956C193E9C45372 ft=1 fh=2311c5a1e677fa6d vn="Win64/Olmarik.AMO Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\06.02.2015_09.13.36\tdlfs0000\tsk0004.dta"

Code:
 Results of screen317's Security Check version 0.99.96
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Microsoft Security Essentials
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 17
 Java version 32-bit out of Date!
 Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.305
 Adobe Reader XI
 Mozilla Firefox (35.0.1)
 Mozilla Thunderbird (31.4.0)
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Arty (administrator) on ARTY-PC on 08-02-2015 00:19:21
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
() C:\Program Files (x86)\Razer\Copperhead\razertra.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.)
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor) HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] () HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968 FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml Chrome: ======= CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08] CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08] CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08] CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08] CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08] CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08] CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08] CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08] CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08] CHR Extension: (Counter 
Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08] CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08] CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft 
Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpBC7B.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-07 22:43 - 2015-02-07 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-07 22:41 - 2015-02-07 22:41 - 00000988 _____ () C:\Users\Arty\Desktop\securitycheck.txt 2015-02-06 23:18 - 2015-02-06 23:18 - 00000000 ____D () C:\Users\Arty\AppData\Local\Steam 2015-02-06 23:03 - 2015-02-06 23:03 - 00000765 _____ () C:\Users\Arty\Desktop\JRT.txt 2015-02-06 22:59 - 2015-02-06 22:59 - 00001129 _____ () C:\Users\Arty\Desktop\AdwCleaner[S2].txt 2015-02-06 22:53 - 2015-02-06 22:53 - 00001200 _____ () C:\Users\Arty\Desktop\mbam.txt 2015-02-06 11:13 - 2015-02-06 11:13 - 00020721 _____ () C:\Users\Arty\Desktop\combofix.txt 2015-02-06 11:12 - 2015-02-06 11:12 - 00020721 _____ () C:\ComboFix.txt 2015-02-06 10:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-06 10:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-06 10:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-06 10:55 - 2015-02-06 11:12 - 00000000 ____D () C:\Qoobox 2015-02-06 10:54 - 2015-02-06 11:11 - 00000000 ____D () C:\Windows\erdnt 2015-02-06 09:32 - 2015-02-06 09:32 - 00006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2015-02-06 09:19 - 2015-02-06 09:19 - 00103613 _____ () C:\Users\Arty\Desktop\tdss.txt 2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 _____ () C:\Users\Arty\Desktop\Neues Textdokument.txt 2015-02-05 17:47 - 2015-02-05 17:47 - 00009718 _____ () C:\Users\Arty\Desktop\gmer.log 2015-02-05 17:28 - 2015-02-05 17:28 - 00038783 _____ () 
C:\Users\Arty\Desktop\Addition.txt 2015-02-05 17:27 - 2015-02-05 17:27 - 00025819 _____ () C:\Users\Arty\Desktop\FRST.txt 2015-02-05 17:27 - 2015-02-05 17:27 - 00000470 _____ () C:\Users\Arty\Desktop\defogger_disable.log 2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable 2015-02-05 04:09 - 2015-02-08 00:19 - 00000000 ____D () C:\FRST 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner 2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk 2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-28 15:46 - 2015-02-06 22:56 - 00000000 ____D () C:\AdwCleaner 2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe 2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM 2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity 2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM 2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall 2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp 2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} 2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 00:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-08 00:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-08 00:04 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-08 00:04 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-07 20:12 - 2014-10-23 19:47 - 01338227 _____ () C:\Windows\WindowsUpdate.log 2015-02-07 18:33 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr 2015-02-07 14:12 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-07 06:34 - 2014-10-23 21:00 - 00049471 _____ () C:\Windows\SysWOW64\Gms.log 2015-02-07 06:33 - 2009-07-14 05:51 - 00116254 _____ () C:\Windows\setupact.log 2015-02-07 06:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-07 00:07 - 2015-01-08 09:13 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith 2015-02-06 22:57 - 2014-10-23 20:54 - 00337784 _____ () C:\Windows\PFRO.log 2015-02-06 22:40 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-06 11:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-06 09:32 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0 2015-02-06 09:32 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8 2015-02-06 09:32 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity 2015-02-06 01:17 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin 2015-02-06 01:17 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype 2015-02-06 01:16 - 2014-10-23 21:43 - 00000000 ____D () 
C:\Users\Arty\AppData\Local\Battle.net 2015-02-06 01:14 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-05 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-02-05 19:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 19:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 19:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty 2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui 2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker 2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log 2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr 2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-01-13 12:15 - 2015-01-08 09:30 - 00000000 ____D () C:\ProgramData\mvyatvj 2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () 
C:\Users\Arty\AppData\Roaming\Adobe 2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk 2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker 2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5 2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft 2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 17:10 - 2015-01-08 19:45 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade 2015-01-09 17:10 - 2015-01-08 13:40 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt 2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-09 03:35 - 2015-01-08 14:11 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq ==================== Files in the root of some directories ======= 2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini 2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini 2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga 2015-02-06 09:32 - 2015-02-06 09:32 - 0006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () 
C:\Users\Arty\AppData\Local\Resmon.ResmonCfg 2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Arty\AppData\Local\Temp\Quarantine.exe C:\Users\Arty\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION! nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION! LastRegBack: 2015-02-03 08:41 ==================== End Of Log ============================ --- --- --- |
08.02.2015, 11:38 | #12 |
/// the machine /// TB trainer | Access to online banking blocked due to "NYMAIN" infection
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.02.2015, 11:53 | #13 |
| Access to online banking blocked due to "NYMAIN" infection
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Arty at 2015-02-08 11:43:25 Run:1
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
Emptytemp:
*****************

Fehler beim L”schen des angegebenen Datenelements.
Element nicht gefunden.
Fehler beim L”schen des angegebenen Datenelements.
Element nicht gefunden.
EmptyTemp: => Removed 1.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 11:43:40 ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by Arty (administrator) on ARTY-PC on 08-02-2015 11:51:13 Running from C:\Users\Arty\Desktop\Downloads Loaded Profiles: Arty (Available profiles: Arty) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe (AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe () C:\Program Files (x86)\Razer\Copperhead\razertra.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor) HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation) HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] () HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968 FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml Chrome: ======= CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08] CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08] CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08] CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08] CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08] CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08] CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08] CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08] CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08] CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08] CHR Extension: (Counter 
Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08] CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08] CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation) R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft 
Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI) S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpA237.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-07 22:41 - 2015-02-07 22:41 - 00000988 _____ () C:\Users\Arty\Desktop\securitycheck.txt 2015-02-06 23:18 - 2015-02-06 23:18 - 00000000 ____D () C:\Users\Arty\AppData\Local\Steam 2015-02-06 23:03 - 2015-02-06 23:03 - 00000765 _____ () C:\Users\Arty\Desktop\JRT.txt 2015-02-06 22:59 - 2015-02-06 22:59 - 00001129 _____ () C:\Users\Arty\Desktop\AdwCleaner[S2].txt 2015-02-06 22:53 - 2015-02-06 22:53 - 00001200 _____ () C:\Users\Arty\Desktop\mbam.txt 2015-02-06 11:13 - 2015-02-06 11:13 - 00020721 _____ () C:\Users\Arty\Desktop\combofix.txt 2015-02-06 11:12 - 2015-02-06 11:12 - 00020721 _____ () C:\ComboFix.txt 2015-02-06 10:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-06 10:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-06 10:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-06 10:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-06 10:55 - 2015-02-06 11:12 - 00000000 ____D () C:\Qoobox 2015-02-06 10:54 - 2015-02-06 11:11 - 00000000 ____D () C:\Windows\erdnt 2015-02-06 09:32 - 2015-02-06 09:32 - 00006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2015-02-06 09:19 - 2015-02-06 09:19 - 00103613 _____ () C:\Users\Arty\Desktop\tdss.txt 2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 _____ () C:\Users\Arty\Desktop\Neues Textdokument.txt 2015-02-05 17:47 - 2015-02-05 17:47 - 00009718 _____ () C:\Users\Arty\Desktop\gmer.log 2015-02-05 17:28 - 2015-02-05 17:28 - 00038783 _____ () C:\Users\Arty\Desktop\Addition.txt 2015-02-05 17:27 - 2015-02-08 00:20 - 00027158 _____ () 
C:\Users\Arty\Desktop\FRST.txt 2015-02-05 17:27 - 2015-02-05 17:27 - 00000470 _____ () C:\Users\Arty\Desktop\defogger_disable.log 2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable 2015-02-05 04:09 - 2015-02-08 11:51 - 00000000 ____D () C:\FRST 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner 2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk 2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-28 15:46 - 2015-02-06 22:56 - 00000000 ____D () C:\AdwCleaner 2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe 2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM 2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain 2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () 
C:\Program Files (x86)\Lame For Audacity 2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM 2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall 2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp 2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} 2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 11:47 - 2014-10-23 21:00 - 00044310 _____ () C:\Windows\SysWOW64\Gms.log 2015-02-08 11:46 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr 2015-02-08 11:45 - 2009-07-14 05:51 - 00117682 _____ () C:\Windows\setupact.log 2015-02-08 11:44 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-08 11:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-08 11:43 - 2014-10-23 19:47 - 01480252 _____ () C:\Windows\WindowsUpdate.log 2015-02-08 11:43 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-08 11:43 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-08 11:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-08 11:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-08 06:32 - 2014-10-23 20:54 - 00338594 _____ () C:\Windows\PFRO.log 2015-02-08 03:29 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui 2015-02-08 00:31 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker 2015-02-07 00:07 - 2015-01-08 09:13 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith 2015-02-06 22:40 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-06 11:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-06 09:32 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0 2015-02-06 09:32 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8 2015-02-06 09:32 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity 2015-02-06 01:17 - 2014-10-23 21:27 - 00000000 ____D () 
C:\ProgramData\Origin 2015-02-06 01:17 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype 2015-02-06 01:16 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net 2015-02-06 01:14 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-05 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-02-05 19:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 19:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 19:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty 2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log 2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr 2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-01-13 12:15 - 2015-01-08 09:30 - 00000000 ____D () C:\ProgramData\mvyatvj 2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe 2015-01-13 
03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk 2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker 2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5 2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft 2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 17:10 - 2015-01-08 19:45 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade 2015-01-09 17:10 - 2015-01-08 13:40 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt 2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker 2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-09 03:35 - 2015-01-08 14:11 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq ==================== Files in the root of some directories ======= 2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini 2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini 2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga 2015-02-06 09:32 - 2015-02-06 09:32 - 0006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel 2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg 2014-10-23 20:52 - 
2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================
--- --- --- --- --- ---

Regarding the testsigning and integrity check: could it have to do with the fact that my Windows is currently only running as a trial version?

Edited by IIArtyII (08.02.2015 at 12:01) Reason: Note |
08.02.2015, 16:24 | #14 |
/// the machine /// TB Trainer | Access to online banking blocked due to "NYMAIN" infection I'm assuming that it isn't running that way on purpose, is it?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.02.2015, 16:34 | #15 |
| Access to online banking blocked due to "NYMAIN" infection Yes, it is. Since I renovated my apartment last summer and cleared out quite a lot along the way, I can no longer find my key. In November I upgraded my PC, and since then only the trial version has been running. Now I still have 15 days to buy a new one |