Log analysis and evaluation: Infected .doc file opened (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.05.2015, 15:46 | #1 |
Infected .doc file opened

Hello everyone,

yesterday I received an e-mail that showed a name known to me as the sender and contained a .doc file as an attachment. Since I am always very suspicious of e-mail attachments, I uploaded it to VirusTotal beforehand and did not get a single hit. After opening it with Word 2013, only cryptic combinations of digits and letters were displayed. In the meantime there are several hits on VirusTotal.

https://www.virustotal.com/de/file/5c051968bc3f8b2be087fcbffd7a43a68d8a52c56251df36758e7ffc20bf0f28/analysis/1431785430/

Apparently the document is a macro virus; in the Word 2013 settings the option was set to "Disable all macros with notification". So in my opinion not too much should have happened, but it would still be nice if someone could take a look.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:17 on 16/05/2015 (xX2119Xx)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02 Ran by xX2119Xx (administrator) on MATTHIAS-PC on 16-05-2015 16:18:47 Running from C:\Users\xX2119Xx\Downloads Loaded Profiles: xX2119Xx (Available profiles: xX2119Xx) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) C:\Program Files (x86)\Sandboxie\SbieSvc.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Samsung Electronics.) 
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (AppWork GmbH) C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\JDownloader2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Ellanet Ltd) C:\Users\xX2119Xx\Desktop\prg\Move Mouse.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\MountPoints2: D - "D:\dvdcheck.exe" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\MountPoints2: {ee7b7feb-f788-11e4-82da-bcee7b2b66d7} - "G:\start.exe" /auto AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-04-09] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [154256 2015-04-09] (NVIDIA Corporation) Startup: C:\Users\xX2119Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4255755958-1389709673-710600270-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-07] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-05] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-07] (Oracle Corporation) DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler: AutorunsDisabled - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation) Handler-x32: AutorunsDisabled - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-14] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-07] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-10-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL 
[2014-01-21] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-4255755958-1389709673-710600270-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-10-22] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-08] (Tracker Software Products (Canada) Ltd.) 
FF Extension: WOT - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-10] FF Extension: ZenMate Security & Privacy VPN - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\firefox@zenmate.com.xpi [2014-11-09] FF Extension: Video DownloadHelper - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-17] FF Extension: Adblock Plus - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-08] FF Extension: QuickJava - C:\Users\xX2119Xx\AppData\Roaming\Mozilla\Firefox\Profiles\lm378rrh.default-1414804684893\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-11-30] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-04-25] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-01] (Adobe Systems) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation) R2 SbieSvc; C:\Program Files (x86)\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows 
Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2014-02-13] (ASUS Corporation) R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2014-04-01] (AVM Berlin) U0 bieg; C:\Windows\System32\drivers\piyvxirq.sys [79064 2015-05-15] (Malwarebytes Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-03-08] (Disc Soft Ltd) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-16] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows (R) Win 7 DDK provider) R3 SbieDrv; C:\Program Files (x86)\Sandboxie\SbieDrv.sys [237064 2015-02-18] 
(Sandboxie Holdings, LLC) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - ) S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-05-24] () S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-16 16:18 - 2015-05-16 16:18 - 02107392 _____ (Farbar) C:\Users\xX2119Xx\Downloads\FRST64.exe 2015-05-16 16:18 - 2015-05-16 16:18 - 00019515 _____ () C:\Users\xX2119Xx\Downloads\FRST.txt 2015-05-16 16:18 - 2015-05-16 16:18 - 00000000 ____D () C:\FRST 2015-05-16 16:17 - 2015-05-16 16:17 - 00050477 _____ () C:\Users\xX2119Xx\Downloads\Defogger.exe 2015-05-16 16:17 - 2015-05-16 16:17 - 00000478 _____ () C:\Users\xX2119Xx\Downloads\defogger_disable.log 2015-05-16 16:17 - 2015-05-16 16:17 - 00000000 _____ () C:\Users\xX2119Xx\defogger_reenable 2015-05-16 15:38 - 2015-05-16 15:38 - 01560576 _____ (KC Softwares ) C:\Users\xX2119Xx\Downloads\sumo_lite.exe 2015-05-15 17:01 - 2015-05-15 17:01 - 00001316 _____ () C:\Users\xX2119Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk 2015-05-15 17:01 - 2015-05-15 17:00 - 00001093 _____ () C:\Users\xX2119Xx\Desktop\Kaspersky Security Scan.lnk 2015-05-15 17:00 - 2015-05-15 17:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-05-15 17:00 - 2015-05-15 17:00 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2015-05-15 16:59 - 2015-05-15 16:59 - 00416576 _____ (Kaspersky Lab) C:\Users\xX2119Xx\Downloads\de-de.setup.exe 2015-05-15 14:56 - 2015-05-15 14:56 - 
00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\piyvxirq.sys 2015-05-15 14:22 - 2015-05-15 14:27 - 00000000 ____D () C:\AdwCleaner 2015-05-15 14:21 - 2015-05-15 14:22 - 02209792 _____ () C:\Users\xX2119Xx\Downloads\adwcleaner_4.204.exe 2015-05-14 16:43 - 2015-05-14 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2015-05-14 16:43 - 2015-05-14 16:43 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite 2015-05-14 15:58 - 2015-05-14 15:58 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\Program Files\iTunes 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\Program Files\iPod 2015-05-14 15:58 - 2015-05-14 15:58 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-05-14 15:55 - 2015-05-14 15:55 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\openvr 2015-05-13 00:41 - 2015-05-14 15:33 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Steuer-Sparbuch 2015-05-13 00:30 - 2015-05-13 00:41 - 00000593 _____ () C:\Windows\wiso.ini 2015-05-13 00:30 - 2015-05-13 00:34 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Buhl 2015-05-13 00:29 - 2015-05-13 00:30 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH 2015-05-13 00:29 - 2015-05-13 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2015 2015-05-13 00:29 - 2015-05-13 00:29 - 00000000 ____D () C:\Program Files (x86)\WISO 2015-05-11 21:23 - 2015-05-15 00:32 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\CyberGhost 2015-05-11 21:23 - 2015-05-13 00:42 - 00001784 _____ () C:\Users\xX2119Xx\Desktop\CyberGhost 5.lnk 2015-05-11 21:23 - 2015-05-11 21:23 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-05-11 21:23 - 2015-05-11 21:23 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-05-11 21:23 - 2015-05-11 21:23 - 00000000 ____D () C:\Program Files\CyberGhost 5 2015-05-09 00:28 - 2015-05-14 16:23 - 00000000 ____D () C:\Program Files\Speccy 2015-05-09 00:28 - 2015-05-09 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2015-05-09 00:03 - 2015-05-09 00:03 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Razer 2015-05-09 00:03 - 2015-05-09 00:03 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Razer_Inc 2015-05-09 00:01 - 2015-05-09 09:53 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Razer 2015-05-09 00:00 - 2015-05-09 09:53 - 00000000 ____D () C:\ProgramData\Razer 2015-05-08 16:29 - 2015-05-08 16:29 - 00000827 _____ () C:\Users\xX2119Xx\Desktop\Grand Theft Auto V.lnk 2015-05-08 12:43 - 2015-05-08 23:44 - 00000000 ____D () C:\Program Files\Rockstar Games 2015-05-07 20:21 - 2015-05-07 20:21 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-05-07 20:20 - 2015-05-16 15:49 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0 2015-05-04 12:36 - 2015-05-04 12:36 - 00741031 ____T () C:\Users\xX2119Xx\Desktop\studium.oxps 2015-04-28 12:14 - 2015-04-28 12:14 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\NVIDIA 2015-04-26 14:43 - 2015-04-26 14:43 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\Ellanet 2015-04-25 03:04 - 2015-05-16 15:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-17 06:00 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-17 06:00 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-17 06:00 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-04-17 06:00 - 2015-03-23 23:58 - 01498872 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-17 06:00 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-04-17 06:00 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2015-04-17 06:00 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-17 06:00 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-17 06:00 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-04-17 06:00 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-04-17 06:00 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-04-17 06:00 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-04-17 06:00 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-04-17 06:00 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-04-17 05:57 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-17 05:57 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-17 05:57 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-17 05:57 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-04-17 05:57 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-17 05:57 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-17 05:57 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-17 05:57 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2015-04-17 05:57 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-17 05:57 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-04-17 05:57 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-04-17 05:57 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-17 05:57 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-17 05:57 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-17 05:57 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-04-17 05:57 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-17 05:57 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-17 05:57 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-17 05:57 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-17 05:57 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-17 05:57 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-17 05:57 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-17 05:57 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-17 05:57 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-17 05:56 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-17 05:56 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 
2015-04-17 05:56 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 05:56 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 05:56 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 05:56 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-17 05:56 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 05:56 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-17 05:56 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 05:56 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-17 05:56 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-17 05:56 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 05:56 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 05:56 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 05:56 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-17 05:56 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-17 05:56 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-17 05:56 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-17 05:56 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-17 05:56 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-17 05:56 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-17 05:56 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-16 16:17 - 2014-03-31 20:35 - 00000000 ____D () C:\Users\xX2119Xx
2015-05-16 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-16 15:59 - 2014-04-01 16:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-16 15:52 - 2014-05-17 23:22 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 15:50 - 2014-04-03 00:46 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-16 15:43 - 2014-03-31 20:41 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4255755958-1389709673-710600270-1001
2015-05-16 15:42 - 2014-04-04 19:13 - 01209344 ___SH () C:\Users\xX2119Xx\Desktop\Thumbs.db
2015-05-16 15:24 - 2014-04-05 01:10 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\vlc
2015-05-16 13:48 - 2014-03-31 20:42 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-16 13:48 - 2013-08-23 01:24 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-05-16 13:48 - 2013-08-23 01:24 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-05-16 12:52 - 2014-05-17 23:22 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-15 17:48 - 2014-04-01 18:57 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-15 14:56 - 2014-08-05 16:26 - 00000000 ____D () C:\Windows\de
2015-05-15 14:29 - 2014-05-24 00:16 - 00000062 _____ () C:\Users\xX2119Xx\AppData\Roaming\sp_data.sys
2015-05-15 14:28 - 2014-03-31 20:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-15 14:28 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 14:27 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-15 12:47 - 2014-05-17 23:22 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 12:47 - 2014-05-17 23:22 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 12:16 - 2014-04-04 23:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-14 19:53 - 2014-04-02 00:00 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Cross Fire
2015-05-14 19:52 - 2014-10-09 18:46 - 00000000 ____D () C:\Users\xX2119Xx\Documents\HyperCam3
2015-05-14 19:43 - 2014-12-08 00:42 - 00033609 _____ () C:\Windows\system32\energy-report.html
2015-05-14 19:22 - 2014-07-14 03:07 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2015-05-14 16:45 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-14 16:42 - 2014-04-23 00:27 - 00206848 ___SH () C:\Users\xX2119Xx\Downloads\Thumbs.db
2015-05-14 16:40 - 2014-09-16 21:48 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Adobe
2015-05-14 16:40 - 2014-04-01 16:54 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-14 16:37 - 2014-11-01 03:16 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-14 16:37 - 2014-04-09 23:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2015-05-14 16:36 - 2014-04-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2015-05-14 16:18 - 2014-04-03 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-14 16:18 - 2014-04-03 00:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-14 15:58 - 2014-09-22 18:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-14 15:50 - 2014-04-01 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-05-14 15:50 - 2014-04-01 18:20 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2015-05-14 15:49 - 2014-04-01 17:49 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-14 15:47 - 2014-04-01 16:20 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-14 15:35 - 2014-05-17 23:22 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-14 10:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-14 09:58 - 2014-06-29 20:57 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\DAEMON Tools Lite
2015-05-14 09:58 - 2014-04-04 17:39 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\CrashDumps
2015-05-13 01:14 - 2014-04-01 18:26 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Deployment
2015-05-13 00:45 - 2014-04-10 14:40 - 00000000 ____D () C:\Users\xX2119Xx\Desktop\pics
2015-05-13 00:29 - 2014-03-31 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-12 15:52 - 2014-07-25 18:28 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-11 20:24 - 2015-02-05 11:19 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-09 19:49 - 2014-04-01 18:56 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\Skype
2015-05-09 17:30 - 2014-04-01 18:56 - 00000000 ____D () C:\ProgramData\Skype
2015-05-09 09:52 - 2014-04-01 18:40 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2015-05-09 00:27 - 2014-06-21 14:53 - 00000000 ____D () C:\Windows\Minidump
2015-05-09 00:24 - 2014-04-01 19:01 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Roaming\uTorrent
2015-05-08 23:44 - 2014-04-08 14:14 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-05-08 14:22 - 2015-03-27 12:43 - 00001594 _____ () C:\Windows\Sandboxie.ini
2015-05-08 14:21 - 2014-04-08 22:55 - 00000000 ____D () C:\Users\xX2119Xx\Documents\Rockstar Games
2015-05-08 14:20 - 2014-04-08 21:38 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Rockstar Games
2015-05-07 20:16 - 2014-11-01 03:16 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-07 20:16 - 2014-04-01 18:37 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-05 19:59 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-01 18:51 - 2014-06-11 12:36 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 18:51 - 2014-06-10 17:12 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 18:50 - 2014-06-11 12:36 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 18:50 - 2014-06-10 17:12 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-28 12:19 - 2014-03-31 20:36 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\VirtualStore
2015-04-28 12:13 - 2015-03-19 13:56 - 00000454 _____ () C:\Users\xX2119Xx\.swfinfo
2015-04-26 14:47 - 2014-04-10 16:26 - 00000000 ____D () C:\Users\xX2119Xx\Desktop\prg
2015-04-25 13:16 - 2014-04-01 16:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-25 04:22 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-20 10:39 - 2014-04-01 16:45 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 10:37 - 2014-04-01 16:45 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-19 01:28 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-04-19 00:14 - 2014-04-03 00:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-19 00:14 - 2014-04-03 00:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 05:57 - 2013-08-22 15:25 - 00000167 _____ () C:\Windows\win.ini
2015-04-17 05:13 - 2014-03-31 20:36 - 00000000 ____D () C:\Users\xX2119Xx\AppData\Local\Packages
2015-04-17 04:39 - 2014-11-12 05:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

==================== Files in the root of some directories =======
2014-06-10 17:47 - 2014-06-10 17:47 - 0000021 _____ () C:\Users\xX2119Xx\AppData\Roaming\my_intel.sys
2014-05-24 00:16 - 2015-05-15 14:29 - 0000062 _____ () C:\Users\xX2119Xx\AppData\Roaming\sp_data.sys
2014-10-09 18:46 - 2014-10-09 19:14 - 0003584 _____ () C:\Users\xX2119Xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-25 14:10 - 2014-08-25 14:10 - 0001430 _____ () C:\Users\xX2119Xx\AppData\Local\RecConfig.xml
2014-05-01 20:23 - 2014-05-01 20:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-01 00:51 - 2014-08-01 00:51 - 0001534 _____ () C:\ProgramData\ss.ini

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-15 12:39

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-05-2015 02
Ran by xX2119Xx at 2015-05-16 16:19:08
Running from C:\Users\xX2119Xx\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-4255755958-1389709673-710600270-500 - Administrator - Disabled)
Gast (S-1-5-21-4255755958-1389709673-710600270-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4255755958-1389709673-710600270-1003 - Limited - Enabled)
xX2119Xx (S-1-5-21-4255755958-1389709673-710600270-1001 - Administrator - Enabled) => C:\Users\xX2119Xx

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.10 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.8 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
Beurer HealthManager (HKLM-x32\...\Beurer HealthManager) (Version: 3.0.0.0 - Beurer Health And Well-Being)
Beurer HealthManager (x32 Version: 3.0.0.0 - Beurer Health And Well-Being) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CrossFire - DE (HKLM\...\{F2980ADE-338E-4609-A07F-92F6ECFC94C0}) (Version: 1.0.3.40 - FAME Gaming)
CrystalDiskInfo 6.3.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.3.2 - Crystal Dew World)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\2db37667170956ee) (Version: 2.3.2.0 - AVM Berlin)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto V Digital Deluxe Edition MULTi11 1.0 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition MULTi11 1.0) (Version: - )
Grand Theft Auto V Digital Deluxe Edition Update 4 Version MULTi11 1.0.350.2 (HKLM-x32\...\Grand Theft Auto V Digital Deluxe Edition Update 4 Version MULTi11 1.0.350.2) (Version: - )
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
Hamsterball 3.6 (HKLM-x32\...\Hamsterball_is1) (Version: - Raptisoft)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 3.13.8.262 - KC Softwares)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.1.3 (HKLM-x32\...\{DE46417A-9E9E-4BCD-BBDD-DA21943193BB}_is1) (Version: 1.1.3 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 de)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0017-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{98223B6C-F59E-4928-B553-43605D52ED19}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
StartIsBack+ (HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartIsBack) (Version: 1.7 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steganos Safe 15 (HKLM-x32\...\{D3FB0B73-11DF-41EE-9B6D-C7198079A88E}) (Version: 15.2.1 - Steganos Software GmbH)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{CBCC2FD8-7DFE-4752-95B5-2E447C226F45}) (Version: - Microsoft)
Video Download Capture Version 5.0.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.0.0 - APOWERSOFT LIMITED)
VirusTotal Uploader 2.0 (HKLM-x32\...\VirusTotalUploader2.0) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - ASUS (ATP) Mouse (01/07/2014 1.0.0.197) (HKLM\...\2BEE838DC3D664A0CAB23AEA0332BB3877ED0685) (Version: 01/07/2014 1.0.0.197 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{D06DEBBB-C19E-48C5-A65E-8FBC2F22C0D6}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.9 - ZONER software)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{61625667-893E-4707-B925-A82B528C00B9}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{AD1405D2-30CF-4877-8468-1EE1C52C759F}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)
CustomCLSID: HKU\S-1-5-21-4255755958-1389709673-710600270-1001_Classes\CLSID\{E5C31EC8-C5E6-4E07-957E-944DB4AAD85E}\InprocServer32 -> C:\Users\xX2119Xx\AppData\Local\StartIsBack\StartIsBack64.dll (www.startisback.com)

==================== Restore Points =========================
13-05-2015 00:29:19 Installiert WISO Steuer-Sparbuch 2015
14-05-2015 15:35:50 Removed Google Earth Plug-in

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-05-12 19:29 - 2015-05-13 00:32 - 00000990 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02DD386C-9B6E-4898-9B44-378E850EA6C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => F:\Programme\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1711415B-2897-4953-B541-54E910DF05FF} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-05-15] ()
Task: {17FB729E-2B69-4226-8413-008A723A5950} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-17] (Google Inc.)
Task: {1C69EF5C-0AFA-4483-A35C-20B267988E32} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2297571D-A134-4C81-A131-D10ACA243801} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-01-16] (ASUSTek Computer Inc.)
Task: {24375097-4F27-4C91-849B-60A8E3396AC7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-20] (Microsoft Corporation)
Task: {2688C268-59C0-4B16-8786-691DBEDECF75} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => F:\Programme\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5F7F00DF-513D-49A9-86BE-7F94C75E324B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)
Task: {73489A70-68AA-44DC-8B7D-F6D4F730B683} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-14] (Adobe Systems Incorporated)
Task: {894A468B-D9A9-4A91-B889-DAFE39FC6D83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {99F02D71-BD07-404C-AA90-D7AC83CDF7CB} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {A0352944-FC71-428A-8FFB-B242D67AE92C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-27] ()
Task: {A1A8E18A-6E52-4733-B0B0-48D2383528AD} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {A4CA35F5-30E1-495F-AE18-C5AC76606E6C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {C67C7C96-0365-4F82-953E-32D16813C85C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {C6F89040-4CF7-4E2F-B368-D762A50735CE} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-02-13] (AsusTek)
Task: {CE1629CF-ED16-4128-BB10-C6C286E94F67} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E32AC5B6-8159-4147-BDC0-771E07A4D685} - System32\Tasks\Aufgaben der Ereignisanzeige\Application => C:\Windows\explorer.exe [2015-01-28] (Microsoft Corporation)
Task: {E551CFC1-75CB-4562-9306-0BCFEB001F0A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-05-15] ()
Task: {E9221B94-B916-4138-B698-D2E053676A8B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-17] (Google Inc.)
Task: {ECD33400-A220-400E-B511-66145FB6A406} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EF894B0D-6909-4002-9E16-2E62E10CECFC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============
2014-03-31 20:53 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-11 17:08 - 2014-02-11 17:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-11 17:08 - 2014-02-11 17:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2010-11-17 16:00 - 2010-11-17 16:00 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 15\ShellExtension.dll
2015-01-20 11:35 - 2015-01-20 11:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 11:35 - 2015-01-20 11:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-15 14:29 - 2015-05-15 14:29 - 00566439 _____ () C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2015-05-15 14:29 - 2015-05-15 14:29 - 04078962 _____ () C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-04-08 21:53 - 2015-04-08 21:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-09-09 18:23 - 2013-09-09 18:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 20:41 - 2013-10-08 20:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-05-24 12:41 - 2014-09-28 06:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-05-24 00:10 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-06-15 23:40 - 2014-06-15 23:40 - 02124256 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 07422144 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 02453696 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00192704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2014-06-15 23:39 - 2014-06-15 23:39 - 00794816 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2011-09-05 19:36 - 2011-09-05 19:36 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
2011-09-05 19:36 - 2011-09-05 19:36 - 00180224 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\xX2119Xx\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4255755958-1389709673-710600270-1001\Control Panel\Desktop\\Wallpaper -> F:\Bilder\Neuseeland\PANO_20150413_095833.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "RTHDVCPL" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Adobe Version Cue CS2" HKLM\...\StartupApproved\Run32: => "SAFE15 File Redirection Starter" HKLM\...\StartupApproved\Run32: => "Steganos HotKeys" HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "NvBackend" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "AVMUSBFernanschluss" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "SAFE15 Browser Monitor" 
HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Amazon Cloud Player" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Amazon Music" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "Zoner Photo Studio Service 16" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "SandboxieControl" HKU\S-1-5-21-4255755958-1389709673-710600270-1001\...\StartupApproved\Run: => "CyberGhost" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{98C9B31F-4770-4478-8FF3-4191AB57D6A2}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Apps\2.0\2PXGEDJP.4OC\AVNBX6YB.ZO4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{D36A06D9-C880-4C19-A6A8-A20116C2BA92}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Apps\2.0\2PXGEDJP.4OC\AVNBX6YB.ZO4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{10A8C91E-CA8C-487F-BB8A-4A18E933094B}] => (Allow) C:\Users\xX2119Xx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{70BAE2A5-AC50-44CF-9756-8A58CF585FE4}] => (Allow) C:\Users\xX2119Xx\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{534B7EAF-1EE0-4F12-97DE-BE45B2691ECA}] => (Allow) D:\Programme\Creative Suite 
CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe FirewallRules: [{998607A1-E1D5-40FD-B930-3E27D1FDF225}] => (Allow) D:\Programme\Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe FirewallRules: [{0A17AD25-FE9F-4C43-ACD3-5D8BDE81BD38}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{20F9ED0E-A844-401F-8FED-2156D1B912FE}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{311887B7-F95E-44EF-B78E-55F0EA4D8794}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{100C8F5C-B350-44DC-8B60-15459FDE637E}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{1ADD2A8B-6A8A-4166-9886-D16505C6E571}] => (Allow) F:\Programme\Microsoft Office\Office15\outlook.exe FirewallRules: [TCP Query User{FD0BE14A-9922-4A3C-8C74-ABAD789D1E56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{5B1A4925-5A41-414E-9072-93D6BED92AF9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{65E72143-3749-41F2-980A-2B3993828BE7}C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [UDP Query User{093D3CF7-D872-4EA8-8C84-1BEF25D8E0AE}C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe] => (Allow) C:\users\xx2119xx\appdata\local\apps\2.0\2pxgedjp.4oc\avnbx6yb.zo4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe FirewallRules: [{9AD61A7F-76A6-4C25-8886-F5438FD527BC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{1599556C-D9BC-4CD1-BFDF-7C36F4EADA13}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{3EE5FEBE-34EF-44CC-9C36-153F50F4459F}] => (Allow) F:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{40E401C7-A338-4F74-9037-607D2C4CDDC3}] => (Allow) F:\SteamLibrary\SteamApps\common\Team Fortress 2\hl2.exe FirewallRules: [{7A29FB6E-CA8C-43B5-840B-BC01A6DAC91D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F04B2EA4-6871-41EC-BE58-250B76ECE243}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [TCP Query User{6655F2D3-E89F-4BCD-8CE4-D539BF43B487}F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [UDP Query User{684CD05D-EAC6-46A5-ACEA-33D3E6251BC8}F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe FirewallRules: [{780E925D-5D10-40BA-8D4D-BED337B950BE}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{CBF8764A-54F8-48A2-B5AC-5A9FD82AC6A4}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe FirewallRules: [{AEBA8E31-5510-4ACB-930D-56C929795E82}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F2CC7787-A6B1-4B23-A8E4-78DF9950E4A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{0AE59F77-B1AA-4AE0-922F-3BE8D2D36CCA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{E264B9FA-EB2A-4587-8D55-6875F18E49B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: 
[{0090E448-8022-4299-A006-083B6DE8F1AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{1B55F157-FC1E-49BD-88E4-8E71E6D8E683}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4F2A39EE-D5E0-4BF2-A6F0-95EBF1E265DD}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe FirewallRules: [{2F5E0EA3-60D5-49B8-9033-B0A47D98F135}] => (Allow) F:\SteamLibrary\SteamApps\common\Grand Theft Auto IV Episodes from Liberty City\EFLC\LaunchEFLC.exe FirewallRules: [TCP Query User{17CD9FF2-783B-48B7-BBF5-32D31054CC0C}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [UDP Query User{4EAAF8BA-616B-4219-A47D-1B11AD4BC661}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Allow) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [TCP Query User{EFB0AB5F-4922-4DAC-9B9F-0EDDE11896DC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{EE8B3FBD-0D82-4B71-BF20-FBDB89B98E91}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{9C4CEAC2-090B-4E5F-8A9F-20BF45388E87}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{4B2E8607-0D6F-49EB-9FE3-656792F3C06E}] => (Allow) LPort=2869 FirewallRules: [{66E3C322-5055-4FF6-9CDD-935E5F3DAF8B}] => (Allow) LPort=1900 FirewallRules: [{19766190-EA10-4617-9FFF-32B2BFC8E8A1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{BB427789-80AF-4CC2-AAF3-87EB40BEED75}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{0C640989-D22C-4B63-B5A3-32E1747C3628}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{00AF8815-D393-4D10-8DC3-80FF40611730}] => (Allow) F:\Programme\Microsoft Office\Office15\lync.exe FirewallRules: [{636E467D-E1F3-4234-BF36-D24480D62FB8}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E2ECF340-E8E7-4892-8AA4-5513381EEC83}] => (Allow) F:\Programme\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E7C632AC-2513-46F2-93E5-27239B024B05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{5CAF7D78-D8E6-4154-9A07-BAA6DC78E902}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{36277075-EEAA-4D19-9FA7-4FE03A7A79C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B8857AE7-7D31-4547-B194-043BB3E9C8CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{926A62C7-9885-4D88-A4CB-C5C2F19E7843}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Block) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [UDP Query User{FDE00A95-3174-4CD3-A181-040FB8622C3E}F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe] => (Block) F:\steamlibrary\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe FirewallRules: [{5752A242-0803-479C-BEC1-8D3435C1C053}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D47A0DFE-E4EF-4282-8A91-BE91D6F218B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{703E1E58-85EB-4C6C-81EC-BF492476B454}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{05BBDF50-97B3-4FE7-B065-5DF05095BB1B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program 
files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{9F8EBC86-AAC6-4CF9-A786-C3F96535E1A7}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [UDP Query User{88CBAC3C-3DAC-4313-AC69-E1317C044A63}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe FirewallRules: [{9BBB52A5-1307-4A68-B1FF-6648706B0D4E}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Temp\nsrD45.tmp\CnetInstaller-10618974.exe FirewallRules: [{DEEF1EBF-C95A-4D92-B7E3-1BAB5A25D186}] => (Allow) C:\Users\xX2119Xx\AppData\Local\Temp\nsrD45.tmp\CnetInstaller-10618974.exe FirewallRules: [{E0C8BD7E-87BD-4A78-A7C0-0752014A82FD}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe FirewallRules: [{C90FF431-3791-42D6-A5C7-BE70FD6ADF24}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\Streaming Video Recorder.exe FirewallRules: [{43735FAD-13F9-452B-A0AD-528CD5F2FC55}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll FirewallRules: [{58D155CA-7C9F-4870-BB89-5B8AACEBC654}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftSrv.dll FirewallRules: [{3757A1D3-4A0C-4593-B743-1B36B7AF2002}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll FirewallRules: [{0E4B3584-889B-4580-A737-DE700D663B58}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDump.dll FirewallRules: [{76CA00C2-DB44-42EC-8837-929FF49E860E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll FirewallRules: [{6F07CD83-D56F-4CFC-BC04-91B5F826A114}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftAC.dll FirewallRules: [{B1DEB901-D8DA-478C-BC6E-938ACA1FAC7B}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video 
Recorder\ApowersoftPlayer.dll FirewallRules: [{C35DD935-1447-4CF1-AD05-C085A13DBC8D}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftPlayer.dll FirewallRules: [{882810D4-E171-4A02-B7A5-62F3D1CC68D1}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll FirewallRules: [{5C46430A-1F34-4317-ABBD-0DE98EB65A9E}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftDownloaderHelp.dll FirewallRules: [{EAE2C52F-EEDA-4751-A045-C02A39874F83}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll FirewallRules: [{93DD6AC5-45F1-4FC8-AE38-CADAACDC4B59}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Video Recorder\ApowersoftHDSDump.dll FirewallRules: [{FD0A30E7-A735-4A92-9782-52D9483F97BF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe FirewallRules: [{0E427867-A22B-42AC-9297-9FE05032529A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe FirewallRules: [{B716BB12-D420-40B3-8F1E-BE1A994B2B83}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll FirewallRules: [{FE25E4B9-DE6C-4BBE-9C1F-52B359BFFBB8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll FirewallRules: [{9F378B4B-5676-423C-90DB-E1C1A1E2C268}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll FirewallRules: [{8CBA5CE6-F085-4C4F-A707-26D5C97D20C5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll FirewallRules: [{50DDBB00-B5D5-437A-9E68-CD080DA8B0AF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll FirewallRules: [{343493B1-0BF9-4523-80C6-6D6DB2BE0FF7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll FirewallRules: [{D28420BD-75B6-4D68-A1D2-24B5687C31BD}] => 
(Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll FirewallRules: [{EF5D52BD-CFFD-429E-BF58-1BBD31A1E81D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll FirewallRules: [{66B46B30-DDF1-4ADB-907F-4410BF83E5D9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll FirewallRules: [{3AA3B741-A979-40A4-AA65-DE4515347E8E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll FirewallRules: [{7C424201-378B-4C54-B262-DB8D5621A5DC}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll FirewallRules: [{4BB9A1A3-DDFB-4496-A8C8-B7561308FACF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll FirewallRules: [{3DC812E5-061A-4778-9103-697941A1EEED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C1F3B01A-22E5-4A4D-B14A-697319B04452}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B44ADA35-B86E-4988-AB1D-611AFE4412B2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{40C1CCA3-F762-4A9D-8A6E-E648DA112DFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{2585C43E-4A81-41D3-8792-072DFBD4939D}C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [UDP Query User{2693CF03-BD7B-40AF-A898-44D79388CB51}C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [{57E7FBB6-8A84-4AD8-8241-3807959B6659}] => (Block) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [{91340935-1C11-4754-815B-F19663A52696}] => (Block) C:\users\xx2119xx\appdata\local\jdownloader v2.0\jdownloader2.exe 
FirewallRules: [TCP Query User{9B613243-1F3E-4BDD-BDCA-76E00471EC14}F:\spiele\grand theft auto v\gta5.exe] => (Allow) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{A8CCC8A6-2997-4F8C-B275-0D99181171C5}F:\spiele\grand theft auto v\gta5.exe] => (Allow) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [{4A08D0C2-4D17-4A9E-8EDE-5AC236092076}] => (Block) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [{1411791A-ED62-4FAA-91F7-C51AA5540E3B}] => (Block) F:\spiele\grand theft auto v\gta5.exe FirewallRules: [{27D94E9F-36BD-4460-B231-9D4A9763C71A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{795D91D2-0F2F-4CCD-A583-EF39EBE318E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{C977A164-FD8B-4DA5-A87D-265DF89C1EE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B92A8F76-158C-4281-9331-354905E5E7EE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F44D3F6A-F003-4CF7-99B2-92B140989B6F}] => (Block) %ProgramFiles% (x86)\WISO\Steuersoftware 2015\wiso2015.exe FirewallRules: [{00A5D69C-B293-43FA-8997-70EAC53FDC53}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/15/2015 02:27:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.0.5606, Zeitstempel: 0x554d0f95 Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.0.5606, Zeitstempel: 0x554cfff8 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001aa1 ID des fehlerhaften Prozesses: 0x17a4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger 
Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (05/15/2015 00:39:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (05/14/2015 04:48:12 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/14/2015 09:57:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/13/2015 04:35:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/11/2015 09:11:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x5450355f Name des fehlerhaften Moduls: msimtf.dll_unloaded, Version: 6.3.9600.17415, Zeitstempel: 0x54503bba Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001cce ID des fehlerhaften Prozesses: 0xf4c Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0 Pfad der fehlerhaften Anwendung: wwahost.exe1 Pfad des fehlerhaften Moduls: wwahost.exe2 Berichtskennung: wwahost.exe3 Vollständiger Name des fehlerhaften Pakets: wwahost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5 Error: (05/10/2015 01:31:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.350.2, Zeitstempel: 0x554348e6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ff8b8741075 ID des fehlerhaften Prozesses: 0x820 Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0 Pfad der fehlerhaften Anwendung: GTA5.exe1 Pfad des fehlerhaften Moduls: GTA5.exe2 Berichtskennung: GTA5.exe3 Vollständiger Name des fehlerhaften Pakets: GTA5.exe4 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA5.exe5 Error: (05/10/2015 00:50:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GTA5.exe, Version: 1.0.350.2, Zeitstempel: 0x554348e6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ff8b8741075 ID des fehlerhaften Prozesses: 0x1180 Startzeit der fehlerhaften Anwendung: 0xGTA5.exe0 Pfad der fehlerhaften Anwendung: GTA5.exe1 Pfad des fehlerhaften Moduls: GTA5.exe2 Berichtskennung: GTA5.exe3 Vollständiger Name des fehlerhaften Pakets: GTA5.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: GTA5.exe5 Error: (05/10/2015 10:57:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (05/10/2015 10:49:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) System errors: ============= Error: (05/15/2015 02:27:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (05/15/2015 02:27:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/15/2015 02:27:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Office 64 Source Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (05/15/2015 02:27:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "CyberGhost 5 Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/15/2015 02:27:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (05/15/2015 02:27:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe38.0.0.5606554d0f95mozalloc.dll38.0.0.5606554cfff88000000300001aa117a401d08f09c1470a03C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbdcfa75e-fafd-11e4-82db-bcee7b2b66d7 Error: (05/15/2015 00:39:57 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. (0x80070057) Error: (05/14/2015 04:48:12 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/14/2015 09:57:15 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/13/2015 04:35:07 AM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: NvStreamSvcFailed continue stopping. [6] Error: (05/11/2015 09:11:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wwahost.exe6.3.9600.174155450355fmsimtf.dll_unloaded6.3.9600.1741554503bbac000000500001ccef4c01d08c1e4121c971C:\Windows\syswow64\wwahost.exemsimtf.dll82612134-f811-11e4-82da-bcee7b2b66d7Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (05/10/2015 01:31:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GTA5.exe1.0.350.2554348e6unknown0.0.0.000000000c000000500007ff8b874107582001d08b0fb4ae5bcbF:\Programme\Grand Theft Auto V\GTA5.exeunknown29050995-f708-11e4-82da-bcee7b2b66d7 Error: (05/10/2015 00:50:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GTA5.exe1.0.350.2554348e6unknown0.0.0.000000000c000000500007ff8b8741075118001d08b0d6f05b69dF:\Programme\Grand Theft Auto V\GTA5.exeunknown580e64ce-f702-11e4-82da-bcee7b2b66d7 Error: (05/10/2015 10:57:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. 
(0x80070057) Error: (05/10/2015 10:49:50 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: System-reserviertFalscher Parameter. (0x80070057) CodeIntegrity Errors: =================================== Date: 2015-02-24 10:26:42.727 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-21 11:23:21.168 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-14 03:31:33.176 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-13 08:34:12.727 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-12 03:56:21.803 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. 
Date: 2015-02-12 03:56:07.755 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements. Date: 2015-02-10 04:22:53.598 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-08 17:13:25.562 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-01 06:39:11.432 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 15:05:42.139 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz Percentage of memory in use: 70% Total physical RAM: 3981 MB Available physical RAM: 1187.46 MB Total Pagefile: 10125 MB Available Pagefile: 6895.52 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.45 GB) (Free:34.2 GB) NTFS Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:188.55 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 05FAE66C) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 83256085) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
16.05.2015, 15:47 | #2 |
| Infected .doc file opened Code:
ATTFilter GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-05-16 16:39:48 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003c Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB Running: so2xppvi.exe; Driver: C:\Users\xX2119Xx\AppData\Local\Temp\fxlyqkow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000bea00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 17 fffff960000bea11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc8d9821d0 5 bytes JMP 00007ffd8d920180 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8d9829d0 7 bytes JMP 00007ffd8d9200d8 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8d984310 5 bytes JMP 00007ffd8d920110 .text C:\Windows\system32\dwm.exe[944] 
C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8d988d80 5 bytes JMP 00007ffd8d920148 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8d9ff0b0 5 bytes JMP 00007ffd8d9201b8 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffc8ff56d90 1 byte JMP 00007ffd8d920420 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffc8ff56d92 8 bytes {JMP 0xfffffffffd9c9690} .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffc8ff674a0 5 bytes JMP 00007ffd8d9203e8 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc8ff67560 9 bytes JMP 00007ffd8d920378 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc8ff67730 5 bytes JMP 00007ffd8d920458 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffc8ff76b10 5 bytes JMP 00007ffd8d9203b0 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc8e141500 1 byte JMP 00007ffd8d920490 .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc8e141502 6 bytes {JMP 0xffffffffff7def90} .text C:\Windows\system32\dwm.exe[944] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc8e141750 8 bytes JMP 00007ffd8d9204c8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text 
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc8d9821d0 5 bytes JMP 00007ffd8d920180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8d9829d0 7 bytes JMP 00007ffd8d9200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8d984310 5 bytes JMP 00007ffd8d920110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8d988d80 5 bytes JMP 00007ffd8d920148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8d9ff0b0 5 bytes JMP 00007ffd8d9201b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffc8e49d050 3 bytes JMP 00007ffd8d920500 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance + 4 00007ffc8e49d054 3 bytes [FF, CC, CC] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffc8e4cb170 5 bytes JMP 00007ffd8d920538 .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffc8ff56d90 1 byte JMP 00007ffd8d920420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffc8ff56d92 8 bytes {JMP 0xfffffffffd9c9690} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffc8ff674a0 5 bytes JMP 00007ffd8d9203e8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc8ff67560 9 bytes JMP 00007ffd8d920378 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc8ff67730 5 bytes JMP 00007ffd8d920458 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffc8ff76b10 5 bytes JMP 00007ffd8d9203b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc8e141500 1 byte JMP 00007ffd8d920490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc8e141502 6 bytes {JMP 0xffffffffff7def90} .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[992] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc8e141750 8 bytes JMP 00007ffd8d9204c8 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text C:\Windows\system32\taskhostex.exe[1844] 
C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc8d9821d0 5 bytes JMP 00007ffd8d920180 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8d9829d0 7 bytes JMP 00007ffd8d9200d8 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8d984310 5 bytes JMP 00007ffd8d920110 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8d988d80 5 bytes JMP 00007ffd8d920148 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8d9ff0b0 5 bytes JMP 00007ffd8d9201b8 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffc8ff56d90 1 byte JMP 00007ffd8d920420 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffc8ff56d92 8 bytes {JMP 0xfffffffffd9c9690} .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffc8ff674a0 5 bytes JMP 00007ffd8d9203e8 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffc8ff67560 9 bytes JMP 00007ffd8d920378 .text C:\Windows\system32\taskhostex.exe[1844] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffc8ff67730 5 bytes JMP 00007ffd8d920458 .text 
C:\Windows\system32\taskhostex.exe[1844] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffc8ff76b10 5 bytes JMP 00007ffd8d9203b0 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffc8e49d050 3 bytes JMP 00007ffd8d920500 .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance + 4 00007ffc8e49d054 3 bytes [FF, CC, CC] .text C:\Program Files\ASUS\P4G\BatteryLife.exe[1884] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffc8e4cb170 5 bytes JMP 00007ffd8d920538 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc8d9821d0 5 bytes JMP 00007ffd8d920180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8d9829d0 7 bytes JMP 00007ffd8d9200d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8d984310 5 bytes JMP 00007ffd8d920110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8d988d80 5 bytes JMP 00007ffd8d920148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8d9ff0b0 5 bytes JMP 00007ffd8d9201b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffc8ff56d90 1 byte JMP 00007ffd8d920420 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] 
C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffc8ff56d92 8 bytes {JMP 0xfffffffffd9c9690} .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffc8ff674a0 5 bytes JMP 00007ffd8d9203e8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc8ff67560 9 bytes JMP 00007ffd8d920378 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc8ff67730 5 bytes JMP 00007ffd8d920458 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffc8ff76b10 5 bytes JMP 00007ffd8d9203b0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffc8e49d050 3 bytes JMP 00007ffd8d920500 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance + 4 00007ffc8e49d054 3 bytes [FF, CC, CC] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3180] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffc8e4cb170 5 bytes JMP 00007ffd8d920538 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Program 
Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc8d9821d0 5 bytes JMP 00007ffd8d920180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8d9829d0 7 bytes JMP 00007ffd8d9200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8d984310 5 bytes JMP 00007ffd8d920110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8d988d80 5 bytes JMP 00007ffd8d920148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8d9ff0b0 5 bytes JMP 00007ffd8d9201b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffc8ff56d90 1 byte JMP 00007ffd8d920420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\USER32.dll!CreateWindowExW + 2 00007ffc8ff56d92 8 bytes {JMP 0xfffffffffd9c9690} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffc8ff674a0 5 bytes JMP 00007ffd8d9203e8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc8ff67560 9 bytes JMP 00007ffd8d920378 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[4824] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffc8ff67730 5 bytes JMP 00007ffd8d920458 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffc8ff76b10 5 bytes JMP 00007ffd8d9203b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc8e141500 1 byte JMP 00007ffd8d920490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffc8e141502 6 bytes {JMP 0xffffffffff7def90} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc8e141750 8 bytes JMP 00007ffd8d9204c8 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc8e003e10 7 bytes JMP 00007ffd8d920260 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc8e003e20 7 bytes JMP 00007ffd8d920298 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc8e0b39b0 7 bytes JMP 00007ffd8d920340 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc8e0b3ef0 7 bytes JMP 00007ffd8d9202d0 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc8e0b3fe0 7 bytes JMP 00007ffd8d920308 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc8e0e06c0 7 bytes JMP 00007ffd8d9201f0 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc8e0e0730 7 bytes JMP 00007ffd8d920228 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc8d9821d0 5 bytes JMP 
00007ffd8d920180 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc8d9829d0 7 bytes JMP 00007ffd8d9200d8 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc8d984310 5 bytes JMP 00007ffd8d920110 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc8d988d80 5 bytes JMP 00007ffd8d920148 .text C:\Windows\System32\SettingSyncHost.exe[4480] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffc8d9ff0b0 5 bytes JMP 00007ffd8d9201b8 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [624:648] fffff960009892d0 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:4676] 0000000000418f7a Thread C:\Windows\SYSTEM32\ntdll.dll [2904:964] 0000000067584f10 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:6124] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:6040] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:4716] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:4372] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:4616] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:2504] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:2592] 0000000074d14810 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:3616] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:5152] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:3120] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:6016] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:2084] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:2944] 00000000725e29e1 Thread C:\Windows\SYSTEM32\ntdll.dll [2904:5532] 00000000725e29e1 ---- Processes - GMER 2.1 ---- Library C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\jna\jna2492193760527834243.dll (*** suspicious ***) @ C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\JDownloader2.exe [6032] (JNA native 
library/Java(TM) Native Access (JNA))(2015-05-15 12:29:15) 0000000180000000 Library C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll (*** suspicious ***) @ C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\JDownloader2.exe [6032](2015-05-15 12:29:19) 000000006cec0000 Library C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll (*** suspicious ***) @ C:\Users\xX2119Xx\AppData\Local\JDownloader v2.0\JDownloader2.exe [6032](2015-05-15 12:29:19) 000000006a2c0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 1686 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9B5BA3F5-7A5A-4D68-8859-FB4D198804BA}\Connection@Name isatap.fritz.box Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 483724093 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9B5BA3F5-7A5A-4D68-8859-FB4D198804BA}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9B5BA3F5-7A5A-4D68-8859-FB4D198804BA}@DefunctTimestamp 0xF5 0x39 0x56 0x55 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@DisplayName MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances@DefaultInstance MBAMSwissArmy Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 22161 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 6716 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyLocalCollections@windows-explorer 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0x2F 0xA7 0xDA 0xE1 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 100 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xA2 0xEB 0xAF 0x32 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xA2 0xEB 0xAF 0x32 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 7750 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 869 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xA2 0xEB 0xAF 0x32 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 2527905 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 1269 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xA2 0xEB 0xAF 0x32 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xCA 0xE7 0xB1 0x32 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xEF 0x91 0x80 0xE5 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 173 ---- EOF - GMER 2.1 ---- |
17.05.2015, 06:58 | #3 |
/// the machine /// TB trainer | Infected .doc file opened Hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
17.05.2015, 11:40 | #4 |
| Infected .doc file opened Hi schrauber, when MBAR starts, the following window appears: Code:
---------------------------
Probable rootkit activity detected
---------------------------
Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.
Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.
Do you want to remove this value and restart the tool?
---------------------------
Ja Nein
---------------------------
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.05.16.06
rootkit: v2015.05.16.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
xX2119Xx :: MATTHIAS-PC [administrator]

17.05.2015 12:28:30
mbar-log-2015-05-17 (12-28-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 414275
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
ATTFilter 12:35:51.0853 0x0e0c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 12:36:01.0412 0x0e0c ============================================================ 12:36:01.0412 0x0e0c Current date / time: 2015/05/17 12:36:01.0412 12:36:01.0412 0x0e0c SystemInfo: 12:36:01.0412 0x0e0c 12:36:01.0412 0x0e0c OS Version: 6.3.9600 ServicePack: 0.0 12:36:01.0412 0x0e0c Product type: Workstation 12:36:01.0412 0x0e0c ComputerName: MATTHIAS-PC 12:36:01.0412 0x0e0c UserName: xX2119Xx 12:36:01.0412 0x0e0c Windows directory: C:\Windows 12:36:01.0412 0x0e0c System windows directory: C:\Windows 12:36:01.0412 0x0e0c Running under WOW64 12:36:01.0412 0x0e0c Processor architecture: Intel x64 12:36:01.0413 0x0e0c Number of processors: 4 12:36:01.0413 0x0e0c Page size: 0x1000 12:36:01.0413 0x0e0c Boot type: Normal boot 12:36:01.0413 0x0e0c ============================================================ 12:36:01.0465 0x0e0c KLMD registered as C:\Windows\system32\drivers\56247826.sys 12:36:01.0496 0x0e0c System UUID: {2E11C56A-2301-89EA-7C68-DD65D55B77F8} 12:36:01.0702 0x0e0c Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:36:01.0703 0x0e0c Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5800 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 12:36:01.0734 0x0e0c ============================================================ 12:36:01.0734 0x0e0c \Device\Harddisk0\DR0: 12:36:01.0734 0x0e0c MBR partitions: 12:36:01.0734 0x0e0c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000 12:36:01.0734 0x0e0c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xDEE4800 12:36:01.0734 0x0e0c \Device\Harddisk1\DR1: 12:36:01.0734 0x0e0c MBR partitions: 12:36:01.0734 0x0e0c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DAC 
12:36:01.0734 0x0e0c ============================================================
12:36:01.0735 0x0e0c C: <-> \Device\Harddisk0\DR0\Partition2
12:36:01.0779 0x0e0c F: <-> \Device\Harddisk1\DR1\Partition1
12:36:01.0779 0x0e0c ============================================================
12:36:01.0779 0x0e0c Initialize success
12:36:01.0779 0x0e0c ============================================================
12:36:42.0852 0x1228 ============================================================
12:36:42.0852 0x1228 Scan started
12:36:42.0852 0x1228 Mode: Manual; SigCheck; TDLFS;
12:36:42.0852 0x1228 ============================================================
12:36:42.0852 0x1228 KSN ping started
12:36:45.0402 0x1228 KSN ping finished: true
12:36:45.0704 0x1228 ================ Scan system memory ========================
12:36:45.0704 0x1228 System memory - ok
12:36:45.0705 0x1228 ================ Scan services =============================
82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 12:37:00.0056 0x1228 KtmRm - ok 12:37:00.0065 0x1228 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 12:37:00.0078 0x1228 LanmanServer - ok 12:37:00.0086 0x1228 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:37:00.0099 0x1228 LanmanWorkstation - ok 12:37:00.0112 0x1228 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 12:37:00.0130 0x1228 lfsvc - ok 12:37:00.0135 0x1228 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:37:00.0144 0x1228 lltdio - ok 12:37:00.0151 0x1228 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:37:00.0163 0x1228 lltdsvc - ok 12:37:00.0167 0x1228 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:37:00.0174 0x1228 lmhosts - ok 12:37:00.0183 0x1228 [ 3DE66F47365AA8CEB18B1EE272F4FEBA, 8DDD6AB4AEDE3B2FEA0D3B63DD24E3F3422D6ADE067756A3919FCED53C349167 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:37:00.0193 0x1228 LMS - ok 12:37:00.0199 0x1228 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 12:37:00.0207 0x1228 LSI_SAS - ok 12:37:00.0212 0x1228 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 12:37:00.0220 
0x1228 LSI_SAS2 - ok 12:37:00.0225 0x1228 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 12:37:00.0233 0x1228 LSI_SAS3 - ok 12:37:00.0238 0x1228 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 12:37:00.0246 0x1228 LSI_SSS - ok 12:37:00.0262 0x1228 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 12:37:00.0285 0x1228 LSM - ok 12:37:00.0290 0x1228 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 12:37:00.0299 0x1228 luafv - ok 12:37:00.0303 0x1228 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 12:37:00.0307 0x1228 MBAMProtector - ok 12:37:00.0326 0x1228 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 12:37:00.0350 0x1228 MBAMService - ok 12:37:00.0354 0x1228 [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 12:37:00.0359 0x1228 MBAMWebAccessControl - ok 12:37:00.0363 0x1228 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 12:37:00.0372 0x1228 megasas - ok 12:37:00.0383 0x1228 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 12:37:00.0402 0x1228 megasr - ok 12:37:00.0407 0x1228 [ E0EF6C1399A9B1AAA0B28590411BED04, 
10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys 12:37:00.0413 0x1228 MEIx64 - ok 12:37:00.0417 0x1228 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 12:37:00.0426 0x1228 MMCSS - ok 12:37:00.0429 0x1228 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 12:37:00.0437 0x1228 Modem - ok 12:37:00.0441 0x1228 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 12:37:00.0448 0x1228 monitor - ok 12:37:00.0452 0x1228 [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass C:\Windows\System32\drivers\mouclass.sys 12:37:00.0459 0x1228 mouclass - ok 12:37:00.0463 0x1228 [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid C:\Windows\System32\drivers\mouhid.sys 12:37:00.0469 0x1228 mouhid - ok 12:37:00.0474 0x1228 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:37:00.0482 0x1228 mountmgr - ok 12:37:00.0486 0x1228 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:37:00.0493 0x1228 MozillaMaintenance - ok 12:37:00.0498 0x1228 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:37:00.0506 0x1228 mpsdrv - ok 12:37:00.0522 0x1228 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\Windows\system32\mpssvc.dll 
12:37:00.0545 0x1228 MpsSvc - ok 12:37:00.0552 0x1228 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:37:00.0561 0x1228 MRxDAV - ok 12:37:00.0570 0x1228 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:37:00.0583 0x1228 mrxsmb - ok 12:37:00.0592 0x1228 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:37:00.0604 0x1228 mrxsmb10 - ok 12:37:00.0610 0x1228 [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:37:00.0620 0x1228 mrxsmb20 - ok 12:37:00.0625 0x1228 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 12:37:00.0633 0x1228 MsBridge - ok 12:37:00.0638 0x1228 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 12:37:00.0647 0x1228 MSDTC - ok 12:37:00.0653 0x1228 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:37:00.0661 0x1228 Msfs - ok 12:37:00.0664 0x1228 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 12:37:00.0671 0x1228 msgpiowin32 - ok 12:37:00.0674 0x1228 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:37:00.0680 0x1228 mshidkmdf - ok 12:37:00.0684 0x1228 [ 52299F086AC2DAFD100DD5DC4A8614BA, 
B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 12:37:00.0690 0x1228 mshidumdf - ok 12:37:00.0693 0x1228 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:37:00.0699 0x1228 msisadrv - ok 12:37:00.0705 0x1228 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:37:00.0714 0x1228 MSiSCSI - ok 12:37:00.0717 0x1228 msiserver - ok 12:37:00.0723 0x1228 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll 12:37:00.0731 0x1228 MsKeyboardFilter - ok 12:37:00.0735 0x1228 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:37:00.0742 0x1228 MSKSSRV - ok 12:37:00.0746 0x1228 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 12:37:00.0754 0x1228 MsLldp - ok 12:37:00.0756 0x1228 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:37:00.0762 0x1228 MSPCLOCK - ok 12:37:00.0766 0x1228 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:37:00.0772 0x1228 MSPQM - ok 12:37:00.0781 0x1228 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:37:00.0795 0x1228 MsRPC - ok 12:37:00.0801 0x1228 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios 
C:\Windows\System32\drivers\mssmbios.sys 12:37:00.0809 0x1228 mssmbios - ok 12:37:00.0812 0x1228 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:37:00.0820 0x1228 MSTEE - ok 12:37:00.0823 0x1228 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 12:37:00.0829 0x1228 MTConfig - ok 12:37:00.0835 0x1228 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys 12:37:00.0843 0x1228 Mup - ok 12:37:00.0846 0x1228 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 12:37:00.0854 0x1228 mvumis - ok 12:37:00.0864 0x1228 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 12:37:00.0880 0x1228 napagent - ok 12:37:00.0890 0x1228 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:37:00.0905 0x1228 NativeWifiP - ok 12:37:00.0910 0x1228 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 12:37:00.0920 0x1228 NcaSvc - ok 12:37:00.0925 0x1228 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 12:37:00.0935 0x1228 NcbService - ok 12:37:00.0940 0x1228 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 12:37:00.0949 0x1228 NcdAutoSetup - ok 12:37:00.0969 0x1228 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 
95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:37:01.0007 0x1228 NDIS - ok 12:37:01.0012 0x1228 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:37:01.0021 0x1228 NdisCap - ok 12:37:01.0029 0x1228 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 12:37:01.0040 0x1228 NdisImPlatform - ok 12:37:01.0044 0x1228 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:37:01.0051 0x1228 NdisTapi - ok 12:37:01.0059 0x1228 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:37:01.0067 0x1228 Ndisuio - ok 12:37:01.0074 0x1228 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 12:37:01.0083 0x1228 NdisVirtualBus - ok 12:37:01.0092 0x1228 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:37:01.0107 0x1228 NdisWan - ok 12:37:01.0113 0x1228 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 12:37:01.0126 0x1228 NdisWanLegacy - ok 12:37:01.0129 0x1228 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:37:01.0137 0x1228 NDProxy - ok 12:37:01.0141 0x1228 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu 
C:\Windows\system32\drivers\Ndu.sys 12:37:01.0152 0x1228 Ndu - ok 12:37:01.0156 0x1228 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:37:01.0166 0x1228 NetBIOS - ok 12:37:01.0173 0x1228 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:37:01.0188 0x1228 NetBT - ok 12:37:01.0192 0x1228 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 12:37:01.0201 0x1228 Netlogon - ok 12:37:01.0210 0x1228 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll 12:37:01.0223 0x1228 Netman - ok 12:37:01.0239 0x1228 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 12:37:01.0257 0x1228 netprofm - ok 12:37:01.0263 0x1228 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:37:01.0273 0x1228 NetTcpPortSharing - ok 12:37:01.0277 0x1228 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys 12:37:01.0286 0x1228 netvsc - ok 12:37:01.0295 0x1228 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 12:37:01.0310 0x1228 NlaSvc - ok 12:37:01.0313 0x1228 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:37:01.0322 0x1228 Npfs - ok 12:37:01.0325 0x1228 [ CBDB4F0871C88DF930FC0E8588CA67FC, 
7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 12:37:01.0331 0x1228 npsvctrig - ok 12:37:01.0335 0x1228 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 12:37:01.0343 0x1228 nsi - ok 12:37:01.0348 0x1228 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:37:01.0355 0x1228 nsiproxy - ok 12:37:01.0391 0x1228 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:37:01.0441 0x1228 Ntfs - ok 12:37:01.0446 0x1228 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 12:37:01.0454 0x1228 Null - ok 12:37:01.0615 0x1228 [ 7C28BA74B766F3470128107DA764F711, 43738B3B7F7A493D2B0102B889612A1E91545F38BA82CD911D63361F08048314 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:37:01.0811 0x1228 nvlddmkm - ok 12:37:01.0855 0x1228 [ F9CF3FB8DD81B390783532B3C98D6976, 8C94638136CFAEB3ED6DD7CE2059E98B64B15918DDB0796CC0B88474EE99F5BF ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 12:37:01.0888 0x1228 NvNetworkService - ok 12:37:01.0893 0x1228 [ ACE287C78C766F97630E7FAEEE3762B8, 2A0475A72579519BBBFF8F27AEC2DCA23AFF3EE1C6DBF396BB89EA8852C7914B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 12:37:01.0898 0x1228 nvpciflt - ok 12:37:01.0903 0x1228 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:37:01.0912 0x1228 nvraid - ok 12:37:01.0918 0x1228 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 
12:37:01.0928 0x1228 nvstor - ok 12:37:01.0931 0x1228 [ 3A7B0570D896602E37EAF80EC3D1615A, 1F5A71432F96731115ADA2A50E605923666188D08F9FD748424AB6588D0E1482 ] NvStreamKms C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 12:37:01.0936 0x1228 NvStreamKms - ok 12:37:01.0938 0x1228 NvStreamSvc - ok 12:37:01.0956 0x1228 [ 2A4F832243E869FD7564AA90402D74BD, E730A517EB6D49036B6FC196BFC930ED93EDB4FD4FA7EB1EB69A434BB94AE3C0 ] nvsvc C:\Windows\system32\nvvsvc.exe 12:37:01.0976 0x1228 nvsvc - ok 12:37:01.0982 0x1228 [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys 12:37:01.0989 0x1228 nvvad_WaveExtensible - ok 12:37:01.0994 0x1228 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:37:02.0005 0x1228 nv_agp - ok 12:37:02.0010 0x1228 [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:37:02.0021 0x1228 ose64 - ok 12:37:02.0100 0x1228 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:37:02.0208 0x1228 osppsvc - ok 12:37:02.0230 0x1228 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:37:02.0244 0x1228 p2pimsvc - ok 12:37:02.0256 0x1228 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll 12:37:02.0272 0x1228 p2psvc - ok 12:37:02.0278 0x1228 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\Windows\System32\drivers\parport.sys 
12:37:02.0288 0x1228 Parport - ok 12:37:02.0292 0x1228 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:37:02.0301 0x1228 partmgr - ok 12:37:02.0314 0x1228 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:37:02.0330 0x1228 PcaSvc - ok 12:37:02.0339 0x1228 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys 12:37:02.0353 0x1228 pci - ok 12:37:02.0356 0x1228 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys 12:37:02.0362 0x1228 pciide - ok 12:37:02.0369 0x1228 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 12:37:02.0378 0x1228 pcmcia - ok 12:37:02.0383 0x1228 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys 12:37:02.0390 0x1228 pcw - ok 12:37:02.0394 0x1228 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc C:\Windows\system32\drivers\pdc.sys 12:37:02.0402 0x1228 pdc - ok 12:37:02.0415 0x1228 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:37:02.0435 0x1228 PEAUTH - ok 12:37:02.0471 0x1228 [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 12:37:02.0524 0x1228 PeerDistSvc - ok 12:37:02.0540 0x1228 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost 
C:\Windows\SysWow64\perfhost.exe 12:37:02.0549 0x1228 PerfHost - ok 12:37:02.0588 0x1228 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll 12:37:02.0633 0x1228 pla - ok 12:37:02.0641 0x1228 [ 650A060D264FDDB365513A31B0BF31B7, E5EE292D486063F70119013FE89C15953BD46795E001C8A71D612351BC26DF33 ] plctrl C:\Program Files\ASUS\P4G\plctrl.sys 12:37:02.0647 0x1228 plctrl - ok 12:37:02.0653 0x1228 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 12:37:02.0662 0x1228 PlugPlay - ok 12:37:02.0668 0x1228 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:37:02.0678 0x1228 PNRPAutoReg - ok 12:37:02.0689 0x1228 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:37:02.0704 0x1228 PNRPsvc - ok 12:37:02.0714 0x1228 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:37:02.0728 0x1228 PolicyAgent - ok 12:37:02.0737 0x1228 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll 12:37:02.0748 0x1228 Power - ok 12:37:02.0802 0x1228 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll 12:37:02.0871 0x1228 PrintNotify - ok 12:37:02.0881 0x1228 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys 12:37:02.0891 0x1228 Processor - ok 12:37:02.0897 0x1228 [ 19424364D8C03B990C4281BE53963FD0, 
958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc C:\Windows\system32\profsvc.dll 12:37:02.0909 0x1228 ProfSvc - ok 12:37:02.0916 0x1228 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:37:02.0927 0x1228 Psched - ok 12:37:02.0936 0x1228 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll 12:37:02.0949 0x1228 QWAVE - ok 12:37:02.0957 0x1228 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:37:02.0964 0x1228 QWAVEdrv - ok 12:37:02.0968 0x1228 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:37:02.0976 0x1228 RasAcd - ok 12:37:02.0982 0x1228 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll 12:37:02.0993 0x1228 RasAuto - ok 12:37:03.0007 0x1228 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\Windows\System32\rasmans.dll 12:37:03.0027 0x1228 RasMan - ok 12:37:03.0034 0x1228 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:37:03.0045 0x1228 RasPppoe - ok 12:37:03.0057 0x1228 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:37:03.0075 0x1228 rdbss - ok 12:37:03.0082 0x1228 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 12:37:03.0091 0x1228 rdpbus - ok 12:37:03.0097 0x1228 [ 
680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 12:37:03.0110 0x1228 RDPDR - ok 12:37:07.0625 0x1228 [ D7B4859227B02BCC1055B279A63C937F, 
82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\System32\drivers\WUDFRd.sys 12:37:07.0634 0x1228 WUDFWpdFs - ok 12:37:07.0639 0x1228 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp C:\Windows\System32\drivers\WUDFRd.sys 12:37:07.0648 0x1228 WUDFWpdMtp - ok 12:37:07.0659 0x1228 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll 12:37:07.0677 0x1228 WwanSvc - ok 12:37:07.0686 0x1228 [ 86B8B1F5C1189D68B07666784BE882FE, 0DD8C627F3DDBDB61B1910540C465C0D62C9F8D84C7CBB6C80782DB02D535AF0 ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 12:37:07.0694 0x1228 ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 ) 12:37:10.0252 0x1228 Detect skipped due to KSN trusted 12:37:10.0252 0x1228 ZAtheros Bt and Wlan Coex Agent - ok 12:37:10.0260 0x1228 ================ Scan global =============================== 12:37:10.0266 0x1228 [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll 12:37:10.0273 0x1228 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll 12:37:10.0280 0x1228 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll 12:37:10.0290 0x1228 [ 5BF02EBEFEDC706318C96E2E60EDCB91, DC866C5BC3A887CAAA7169AB9BB2992F6F877B3EA04B62B4F95B6BD54943155F ] C:\Windows\system32\services.exe 12:37:10.0296 0x1228 [ Global ] - ok 12:37:10.0296 0x1228 ================ Scan MBR ================================== 12:37:10.0298 0x1228 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 12:37:10.0337 0x1228 \Device\Harddisk0\DR0 - ok 12:37:10.0372 0x1228 [ 5C616939100B85E558DA92B899A0FC36 ] 
\Device\Harddisk1\DR1 12:37:10.0533 0x1228 \Device\Harddisk1\DR1 - ok 12:37:10.0534 0x1228 ================ Scan VBR ================================== 12:37:10.0536 0x1228 [ 07232D133A180CB7A90115AE9AEAB143 ] \Device\Harddisk0\DR0\Partition1 12:37:10.0537 0x1228 \Device\Harddisk0\DR0\Partition1 - ok 12:37:10.0539 0x1228 [ FE891A7982F541C1A3C79DDDBF242F91 ] \Device\Harddisk0\DR0\Partition2 12:37:10.0540 0x1228 \Device\Harddisk0\DR0\Partition2 - ok 12:37:10.0542 0x1228 [ 9CAC8E4A843E1A6B241C9D95C7ABC7CA ] \Device\Harddisk1\DR1\Partition1 12:37:10.0573 0x1228 \Device\Harddisk1\DR1\Partition1 - ok 12:37:10.0574 0x1228 ================ Scan generic autorun ====================== 12:37:10.0752 0x1228 [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files\CCleaner\CCleaner64.exe 12:37:10.0897 0x1228 CCleaner - ok 12:37:10.0910 0x1228 [ EFB2614E9142FA4427CE82EE6DC0CA7B, DE67CED09EA1A3B10BF0F3B22B2675844122783AE2523CE01E0BDE2691FC684A ] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe 12:37:10.0917 0x1228 KSS - ok 12:37:10.0923 0x1228 [ 40F7401928355A1515199676A5D00CDC, 4F16DE77F0BD7D1F9F61AE5712B3FD7BD53D19DCCEF88925E10180EF040A8E0B ] C:\Users\xX2119Xx\AppData\Local\Apps\2.0\2PXGEDJP.4OC\AVNBX6YB.ZO4\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe 12:37:10.0928 0x1228 AVMUSBFernanschluss - detected UnsignedFile.Multi.Generic ( 1 ) 12:37:14.0834 0x1228 AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - warning 12:37:17.0365 0x1228 [ C81F59B7D524FB462F73B27757084618, 6C7DF7257ED0D9C69A53B98F15EAF1B42D302659791EE80F48D06BCA11EA09D8 ] C:\Program Files\CCleaner\CCleaner64.exe 12:37:17.0492 0x1228 CCleaner - ok 12:37:17.0503 0x1228 [ 62ED7A1E3B50A1DAA65506012F5784BA, D03B1E20BA1145FDA006F5C025FB9E07B7935CD48BD3264A790FAAE9EC416BEF ] C:\Program Files (x86)\Steganos Safe 15\SteganosBrowserMonitor.exe 12:37:17.0506 0x1228 SAFE15 Browser Monitor - detected 
UnsignedFile.Multi.Generic ( 1 ) 12:37:20.0005 0x1228 Detect skipped due to KSN trusted 12:37:20.0005 0x1228 SAFE15 Browser Monitor - ok 12:37:20.0005 0x1228 Amazon Cloud Player - ok 12:37:20.0015 0x1228 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 12:37:20.0017 0x1228 Win FW state via NFP2: enabled 12:37:22.0358 0x1228 ============================================================ 12:37:22.0358 0x1228 Scan finished 12:37:22.0358 0x1228 ============================================================ 12:37:22.0361 0x0368 Detected object count: 1 12:37:22.0361 0x0368 Actual detected object count: 1 12:37:46.0647 0x0368 AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - skipped by user 12:37:46.0647 0x0368 AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:38:40.0714 0x0cd0 Deinitialize success |
18.05.2015, 08:16 | #5 |
/// the machine /// TB Trainer | Infected .doc file opened: Everything looks good.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |