Log analysis and evaluation: Telekom letter Zeus/Zbot

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.05.2015, 13:07 | #16 |
Telekom letter Zeus/Zbot

And here are the interesting results from tdss on Laptop2:
System Event\HPWMISVC.exe 14:01:59.0347 0x1264 HPWMISVC - ok 14:01:59.0399 0x1264 [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:01:59.0442 0x1264 HTTP - ok 14:01:59.0460 0x1264 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:01:59.0473 0x1264 hwpolicy - ok 14:01:59.0501 0x1264 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 14:01:59.0513 0x1264 hyperkbd - ok 14:01:59.0519 0x1264 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 14:01:59.0533 0x1264 HyperVideo - ok 14:01:59.0565 0x1264 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 14:01:59.0581 0x1264 i8042prt - ok 14:01:59.0588 0x1264 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 14:01:59.0598 0x1264 iaLPSSi_GPIO - ok 14:01:59.0607 0x1264 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys 14:01:59.0620 0x1264 iaLPSSi_I2C - ok 14:01:59.0657 0x1264 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys 14:01:59.0683 0x1264 iaStorAV - ok 14:01:59.0702 0x1264 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:01:59.0729 0x1264 iaStorV - ok 14:01:59.0737 0x1264 IEEtwCollectorService - 
ok 14:01:59.0810 0x1264 [ 57322EBB67A59FB64E228F31A84CA43D, 258DA26BDFAB635F145E55CF65CDFCFE4EB91454E3F930489E92810250EF9FD7 ] IKEEXT C:\Windows\System32\ikeext.dll 14:01:59.0856 0x1264 IKEEXT - ok 14:02:00.0059 0x1264 [ CC279B89A16615B8DD13422544F6B478, DFC6AF05670CA79D8CC2C89FB5FBD8EECC4FB159CD8EFE422F06BE2A272608B6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 14:02:00.0189 0x1264 IntcAzAudAddService - ok 14:02:00.0278 0x1264 [ 50672DB7AF32CD9D5AB829731256642C, 5CE27D075C4C2E837A885A931B7000BC881FF3D93960A41013F2580D913C3F71 ] Intel(R) TechnologyAccessService C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe 14:02:00.0307 0x1264 Intel(R) TechnologyAccessService - ok 14:02:00.0325 0x1264 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys 14:02:00.0339 0x1264 intelide - ok 14:02:00.0374 0x1264 [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep C:\Windows\system32\drivers\intelpep.sys 14:02:00.0388 0x1264 intelpep - ok 14:02:00.0429 0x1264 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys 14:02:00.0445 0x1264 intelppm - ok 14:02:00.0454 0x1264 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:02:00.0472 0x1264 IpFilterDriver - ok 14:02:00.0529 0x1264 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:02:00.0570 0x1264 iphlpsvc - ok 14:02:00.0614 0x1264 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 14:02:00.0628 0x1264 IPMIDRV - ok 
14:02:00.0646 0x1264 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:02:00.0661 0x1264 IPNAT - ok 14:02:00.0679 0x1264 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:02:00.0695 0x1264 IRENUM - ok 14:02:00.0702 0x1264 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:02:00.0714 0x1264 isapnp - ok 14:02:00.0756 0x1264 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 14:02:00.0778 0x1264 iScsiPrt - ok 14:02:00.0907 0x1264 [ 64700303BF6592C1D139F68C63EE597A, 1094057F109B322832F72E1C727F9717292750B0826AEDA7B940B78FCF3E0F17 ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 14:02:00.0936 0x1264 iumsvc - ok 14:02:00.0989 0x1264 [ FA3F365E5AC0595B80F255A04005F053, 299061C0BC6D21ABC666BA747DF1DD64E778A58599045F481B82E7033F0751DC ] jnprns C:\Windows\system32\DRIVERS\jnprns.sys 14:02:01.0011 0x1264 jnprns - ok 14:02:01.0040 0x1264 [ B389392FC94D0E86A7D2914489B452AB, A4BC8BFD76ADCD3559704BA3BFDABDF31D1E6EC3EE6D6575C9B806FF9DB5A903 ] jnprTdi_807_50111 C:\Windows\system32\Drivers\jnprTdi_807_50111.sys 14:02:01.0051 0x1264 jnprTdi_807_50111 - ok 14:02:01.0073 0x1264 [ 44C9235408780F1F6299FA809A2C4FCE, 409E0A4212669A30E3EA14083668785C69D5F0028692F23419BCDAD00D15097A ] jnprva C:\Windows\system32\DRIVERS\jnprva.sys 14:02:01.0083 0x1264 jnprva - ok 14:02:01.0098 0x1264 [ 43389A5F75966CB4715253F1B3EAD392, 68C61701DAC97EB21AFDD9457A71417C474F9EE0B0CEE6859B694266E601803C ] JnprVaMgr C:\Windows\system32\DRIVERS\jnprvamgr.sys 14:02:01.0107 0x1264 JnprVaMgr - ok 14:02:01.0208 0x1264 [ 31288BE014E823EB97F4E35E82FCB886, 
86ABDFC758A3FFB0A44052A680FF18272C82A65C2DE4554F6CAA836E132D2EA3 ] JuniperAccessService C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe 14:02:01.0235 0x1264 JuniperAccessService - ok 14:02:01.0280 0x1264 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 14:02:01.0293 0x1264 kbdclass - ok 14:02:01.0322 0x1264 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 14:02:01.0335 0x1264 kbdhid - ok 14:02:01.0356 0x1264 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 14:02:01.0369 0x1264 kdnic - ok 14:02:01.0388 0x1264 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 14:02:01.0402 0x1264 KeyIso - ok 14:02:01.0442 0x1264 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:02:01.0456 0x1264 KSecDD - ok 14:02:01.0488 0x1264 [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:02:01.0505 0x1264 KSecPkg - ok 14:02:01.0519 0x1264 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:02:01.0533 0x1264 ksthunk - ok 14:02:01.0577 0x1264 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:02:01.0602 0x1264 KtmRm - ok 14:02:01.0662 0x1264 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 
14:02:01.0684 0x1264 LanmanServer - ok 14:02:01.0776 0x1264 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:02:01.0804 0x1264 LanmanWorkstation - ok 14:02:01.0853 0x1264 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 14:02:01.0882 0x1264 lfsvc - ok 14:02:01.0920 0x1264 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:02:01.0938 0x1264 lltdio - ok 14:02:01.0962 0x1264 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:02:01.0983 0x1264 lltdsvc - ok 14:02:02.0030 0x1264 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:02:02.0064 0x1264 lmhosts - ok 14:02:02.0101 0x1264 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:02:02.0117 0x1264 LSI_SAS - ok 14:02:02.0141 0x1264 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:02:02.0156 0x1264 LSI_SAS2 - ok 14:02:02.0165 0x1264 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 14:02:02.0180 0x1264 LSI_SAS3 - ok 14:02:02.0189 0x1264 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 14:02:02.0203 0x1264 LSI_SSS - ok 14:02:02.0261 0x1264 [ 9A7A7E45DAED2E8C2816716D8D28236A, 
C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 14:02:02.0297 0x1264 LSM - ok 14:02:02.0344 0x1264 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 14:02:02.0361 0x1264 luafv - ok 14:02:02.0405 0x1264 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 14:02:02.0414 0x1264 MBAMProtector - ok 14:02:02.0503 0x1264 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 14:02:02.0542 0x1264 MBAMService - ok 14:02:02.0565 0x1264 [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 14:02:02.0575 0x1264 MBAMWebAccessControl - ok 14:02:02.0600 0x1264 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 14:02:02.0613 0x1264 megasas - ok 14:02:02.0658 0x1264 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 14:02:02.0688 0x1264 megasr - ok 14:02:02.0723 0x1264 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 14:02:02.0749 0x1264 MMCSS - ok 14:02:02.0788 0x1264 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 14:02:02.0804 0x1264 Modem - ok 14:02:02.0829 0x1264 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 
14:02:02.0842 0x1264 monitor - ok 14:02:02.0883 0x1264 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys 14:02:02.0896 0x1264 mouclass - ok 14:02:02.0914 0x1264 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys 14:02:02.0926 0x1264 mouhid - ok 14:02:02.0958 0x1264 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:02:02.0972 0x1264 mountmgr - ok 14:02:03.0003 0x1264 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:02:03.0016 0x1264 MozillaMaintenance - ok 14:02:03.0045 0x1264 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:02:03.0058 0x1264 mpsdrv - ok 14:02:03.0120 0x1264 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:02:03.0159 0x1264 MpsSvc - ok 14:02:03.0197 0x1264 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:02:03.0214 0x1264 MRxDAV - ok 14:02:03.0257 0x1264 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:02:03.0279 0x1264 mrxsmb - ok 14:02:03.0323 0x1264 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:02:03.0342 0x1264 mrxsmb10 - ok 14:02:03.0374 0x1264 [ 6276AC2AA203CF47811F6EFBBD214FBF, 
AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:02:03.0391 0x1264 mrxsmb20 - ok 14:02:03.0438 0x1264 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 14:02:03.0466 0x1264 MsBridge - ok 14:02:03.0498 0x1264 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 14:02:03.0514 0x1264 MSDTC - ok 14:02:03.0546 0x1264 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:02:03.0576 0x1264 Msfs - ok 14:02:03.0596 0x1264 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 14:02:03.0608 0x1264 msgpiowin32 - ok 14:02:03.0628 0x1264 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:02:03.0642 0x1264 mshidkmdf - ok 14:02:03.0657 0x1264 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 14:02:03.0671 0x1264 mshidumdf - ok 14:02:03.0694 0x1264 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:02:03.0706 0x1264 msisadrv - ok 14:02:03.0746 0x1264 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:02:03.0762 0x1264 MSiSCSI - ok 14:02:03.0768 0x1264 msiserver - ok 14:02:03.0800 0x1264 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV 
C:\Windows\system32\drivers\MSKSSRV.sys 14:02:03.0813 0x1264 MSKSSRV - ok 14:02:03.0850 0x1264 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 14:02:03.0863 0x1264 MsLldp - ok 14:02:03.0869 0x1264 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:02:03.0883 0x1264 MSPCLOCK - ok 14:02:03.0901 0x1264 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:02:03.0914 0x1264 MSPQM - ok 14:02:03.0939 0x1264 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:02:03.0963 0x1264 MsRPC - ok 14:02:03.0983 0x1264 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 14:02:03.0995 0x1264 mssmbios - ok 14:02:04.0023 0x1264 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:02:04.0036 0x1264 MSTEE - ok 14:02:04.0042 0x1264 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 14:02:04.0055 0x1264 MTConfig - ok 14:02:04.0072 0x1264 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys 14:02:04.0086 0x1264 Mup - ok 14:02:04.0094 0x1264 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 14:02:04.0108 0x1264 mvumis - ok 14:02:04.0156 0x1264 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 
26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 14:02:04.0182 0x1264 napagent - ok 14:02:04.0228 0x1264 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:02:04.0253 0x1264 NativeWifiP - ok 14:02:04.0289 0x1264 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 14:02:04.0307 0x1264 NcaSvc - ok 14:02:04.0337 0x1264 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 14:02:04.0354 0x1264 NcbService - ok 14:02:04.0390 0x1264 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 14:02:04.0405 0x1264 NcdAutoSetup - ok 14:02:04.0471 0x1264 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:02:04.0520 0x1264 NDIS - ok 14:02:04.0551 0x1264 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:02:04.0565 0x1264 NdisCap - ok 14:02:04.0610 0x1264 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 14:02:04.0636 0x1264 NdisImPlatform - ok 14:02:04.0671 0x1264 [ 6AA7FB95A2E80428601438E83E2C2C70, 28FB4464FAA2371419FA38F484EFB9A05C28F99D554E321198BD4B9AD764B7F7 ] ndisrd C:\Windows\system32\DRIVERS\ndisrfl.sys 14:02:04.0682 0x1264 ndisrd - ok 14:02:04.0715 0x1264 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:02:04.0727 0x1264 
NdisTapi - ok 14:02:04.0762 0x1264 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:02:04.0775 0x1264 Ndisuio - ok 14:02:04.0791 0x1264 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 14:02:04.0807 0x1264 NdisVirtualBus - ok 14:02:04.0830 0x1264 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:02:04.0851 0x1264 NdisWan - ok 14:02:04.0862 0x1264 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 14:02:04.0884 0x1264 NdisWanLegacy - ok 14:02:04.0917 0x1264 [ 0BBE2FA30BAD58C9ADC01E4F84A3D2A1, 913AEC8A5F735C2EFDCB417E4077AB5A15457C601E6E88A1F4FA52C91E6E0BBF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:02:04.0930 0x1264 NDProxy - ok 14:02:04.0967 0x1264 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys 14:02:04.0981 0x1264 Ndu - ok 14:02:05.0018 0x1264 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:02:05.0031 0x1264 NetBIOS - ok 14:02:05.0053 0x1264 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:02:05.0073 0x1264 NetBT - ok 14:02:05.0093 0x1264 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 14:02:05.0107 0x1264 Netlogon - ok 14:02:05.0150 0x1264 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] 
Netman C:\Windows\System32\netman.dll 14:02:05.0171 0x1264 Netman - ok 14:02:05.0221 0x1264 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 14:02:05.0256 0x1264 netprofm - ok 14:02:05.0291 0x1264 [ 6D93008DAB18953F2BD3B7186385A511, 4AFD8126944F725C5D8AB93DCEA554515D944F5F34D5CADA6B22366DE55EA1FF ] NetTap630 C:\Windows\system32\DRIVERS\nettap630.sys 14:02:05.0303 0x1264 NetTap630 - ok 14:02:05.0358 0x1264 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:02:05.0373 0x1264 NetTcpPortSharing - ok 14:02:05.0405 0x1264 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys 14:02:05.0419 0x1264 netvsc - ok 14:02:05.0469 0x1264 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 14:02:05.0494 0x1264 NlaSvc - ok 14:02:05.0516 0x1264 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:02:05.0548 0x1264 Npfs - ok 14:02:05.0567 0x1264 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 14:02:05.0580 0x1264 npsvctrig - ok 14:02:05.0606 0x1264 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 14:02:05.0620 0x1264 nsi - ok 14:02:05.0647 0x1264 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:02:05.0661 0x1264 nsiproxy - ok 14:02:05.0756 0x1264 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 
47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:02:05.0840 0x1264 Ntfs - ok 14:02:05.0861 0x1264 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 14:02:05.0874 0x1264 Null - ok 14:02:05.0896 0x1264 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:02:05.0914 0x1264 nvraid - ok 14:02:05.0925 0x1264 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:02:05.0943 0x1264 nvstor - ok 14:02:05.0952 0x1264 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:02:05.0968 0x1264 nv_agp - ok 14:02:06.0117 0x1264 [ 98060FFF86EA387F08BFDEFFB0C8E29C, 7F9963340A694ADEB3C9D5AE3A01F7D73A226147675F95DBA10A45E27C53C478 ] omniserv C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe 14:02:06.0132 0x1264 omniserv - detected UnsignedFile.Multi.Generic ( 1 ) 14:02:08.0668 0x1264 Detect skipped due to KSN trusted 14:02:08.0668 0x1264 omniserv - ok 14:02:08.0760 0x1264 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:02:08.0792 0x1264 ose - ok 14:02:09.0049 0x1264 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:02:09.0200 0x1264 osppsvc - ok 14:02:09.0255 0x1264 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:02:09.0285 0x1264 p2pimsvc - ok 
14:02:17.0678 0x1264 [ 407DB52B50C8C8154FF114DCEC1FB73C, 2C9C3B9E16ADDB0A03D0FDE96C680980F7D2BFFF9DFCAC36C5977087436DF5F7 ] Texis Monitor C:\SIMULIA\Documentation\monitor.exe
14:02:17.0821 0x1264 Texis Monitor - detected UnsignedFile.Multi.Generic ( 1 )
14:02:20.0482 0x1264 Texis Monitor ( UnsignedFile.Multi.Generic ) - warning
14:02:28.0754 0x1264 [ 
7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys 14:02:28.0772 0x1264 Wof - ok 14:02:28.0866 0x1264 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc C:\Windows\system32\workfolderssvc.dll 14:02:28.0929 0x1264 workfolderssvc - ok 14:02:28.0970 0x1264 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 14:02:28.0984 0x1264 wpcfltr - ok 14:02:29.0015 0x1264 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:02:29.0029 0x1264 WPCSvc - ok 14:02:29.0062 0x1264 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:02:29.0079 0x1264 WPDBusEnum - ok 14:02:29.0109 0x1264 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 14:02:29.0121 0x1264 WpdUpFltr - ok 14:02:29.0133 0x1264 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:02:29.0152 0x1264 ws2ifsl - ok 14:02:29.0192 0x1264 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc C:\Windows\System32\wscsvc.dll 14:02:29.0210 0x1264 wscsvc - ok 14:02:29.0241 0x1264 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys 14:02:29.0256 0x1264 WSDPrintDevice - ok 14:02:29.0286 0x1264 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan 
C:\Windows\system32\DRIVERS\WSDScan.sys 14:02:29.0299 0x1264 WSDScan - ok 14:02:29.0305 0x1264 WSearch - ok 14:02:29.0467 0x1264 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService C:\Windows\System32\WSService.dll 14:02:29.0597 0x1264 WSService - ok 14:02:29.0758 0x1264 [ 5F3D70B19BCAC985DA90F22CA2FF45E4, BBD82BAEF0DCA2C6361F8D1ADF5BED36D0F1AB1A2AEADB0E4526B917F40C2E52 ] wuauserv C:\Windows\system32\wuaueng.dll 14:02:29.0873 0x1264 wuauserv - ok 14:02:29.0906 0x1264 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:02:29.0920 0x1264 WudfPf - ok 14:02:29.0962 0x1264 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 14:02:29.0981 0x1264 WUDFRd - ok 14:02:30.0011 0x1264 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:02:30.0029 0x1264 wudfsvc - ok 14:02:30.0041 0x1264 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs C:\Windows\System32\drivers\WUDFRd.sys 14:02:30.0061 0x1264 WUDFWpdFs - ok 14:02:30.0116 0x1264 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll 14:02:30.0150 0x1264 WwanSvc - ok 14:02:30.0179 0x1264 ================ Scan global =============================== 14:02:30.0200 0x1264 [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\Windows\system32\basesrv.dll 14:02:30.0238 0x1264 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll 14:02:30.0280 0x1264 [ 3600ED7EA8AED849E20700551C0BD63B, 
4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll 14:02:30.0329 0x1264 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe 14:02:30.0339 0x1264 [ Global ] - ok 14:02:30.0340 0x1264 ================ Scan MBR ================================== 14:02:30.0350 0x1264 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 14:02:30.0416 0x1264 \Device\Harddisk0\DR0 - ok 14:02:30.0416 0x1264 ================ Scan VBR ================================== 14:02:30.0446 0x1264 [ 0B66C5BEDCF7488B9D8C785D583165B6 ] \Device\Harddisk0\DR0\Partition1 14:02:30.0503 0x1264 \Device\Harddisk0\DR0\Partition1 - ok 14:02:30.0542 0x1264 [ 3A356FF4EEBE6E010359623E9552753F ] \Device\Harddisk0\DR0\Partition2 14:02:30.0589 0x1264 \Device\Harddisk0\DR0\Partition2 - ok 14:02:30.0604 0x1264 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3 14:02:30.0605 0x1264 \Device\Harddisk0\DR0\Partition3 - ok 14:02:30.0622 0x1264 [ 368951780A21C662279438FDF55E658B ] \Device\Harddisk0\DR0\Partition4 14:02:30.0695 0x1264 \Device\Harddisk0\DR0\Partition4 - ok 14:02:30.0726 0x1264 [ C2B7C327F88704D1072916659161C72A ] \Device\Harddisk0\DR0\Partition5 14:02:30.0740 0x1264 \Device\Harddisk0\DR0\Partition5 - ok 14:02:30.0741 0x1264 ================ Scan generic autorun ====================== 14:02:31.0055 0x1264 [ 82311E6BB2DFE95068B612DAE1A45CD1, 21962178AF6439B64C162EF71D6F7100B5D4CAA24053E74E85EB4FA334CA6B32 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 14:02:31.0266 0x1264 RTHDVCPL - ok 14:02:31.0281 0x1264 SynTPEnh - ok 14:02:31.0420 0x1264 [ 1E41BAC800ABEF1DA2C42EB843D0077D, FBD05FF7442E4880183E736E1D000011FD791EDDED796AC8234CF4D4A6905636 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 14:02:31.0452 0x1264 StartCCC - ok 14:02:31.0669 0x1264 [ 2660AE6DE6B4C4EC647BE75A06D3DDD1, 
71A5D504ED44E7DB8DFA0722BAAF3B41FF86ACBE0CEA285BDDA28C5836FB267C ] C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe 14:02:31.0745 0x1264 JunosPulse - ok 14:02:31.0788 0x1264 [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files (x86)\PDF24\pdf24.exe 14:02:31.0804 0x1264 PDFPrint - ok 14:02:31.0850 0x1264 [ 36EC32B20A18849D60BDCE57C3952E95, DEEA94E4671FF43408435B487E3F127CD91FC4AD38FB636959A8B78D74726E7D ] C:\Windows\Samsung\PanelMgr\SSMMgr.exe 14:02:31.0887 0x1264 Samsung PanelMgr - detected UnsignedFile.Multi.Generic ( 1 ) 14:02:34.0341 0x1264 Samsung PanelMgr ( UnsignedFile.Multi.Generic ) - warning 14:02:36.0888 0x1264 [ FCD1C5EAA34FDBEDC87022F2F4FE9C80, 988A4FCB6A6FF58FDECAC3CC92463947D97B5BEDA411FC8167A08FE8AF82277D ] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe 14:02:36.0915 0x1264 3170 Scan2PC - detected UnsignedFile.Multi.Generic ( 1 ) 14:02:39.0474 0x1264 Detect skipped due to KSN trusted 14:02:39.0474 0x1264 3170 Scan2PC - ok 14:02:39.0586 0x1264 [ FD8635F0976F6538C43CD306AF4A3BE5, 6108A2B39DEF7947317F2BEC881153939A1122391AEEE85356C3915AF2FFE9AC ] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe 14:02:39.0610 0x1264 AccelerometerSysTrayApplet - ok 14:02:39.0709 0x1264 [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 14:02:39.0744 0x1264 avgnt - ok 14:02:39.0822 0x1264 [ 535833DA47D695208FC65591385FE1F6, 781D81F492A16EC5BB96C1C82C56DCEDA6FF79943D81D6292C152C1D6B3F95CF ] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe 14:02:39.0842 0x1264 HPMessageService - ok 14:02:39.0883 0x1264 [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe 14:02:39.0899 0x1264 Avira Systray - ok 14:02:39.0998 0x1264 [ 
3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 14:02:40.0034 0x1264 Adobe ARM - ok 14:02:40.0452 0x1264 [ BB441F69C310FC218DED7946CDB23064, 90C5BDF2A9D8F4BF686EAEAFA940127D2E54DADC5F3D6F5419D0D991CB853461 ] C:\Users\Doppel D\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe 14:02:40.0865 0x1264 Pokki - ok 14:02:41.0072 0x1264 [ 4D59BEBF01FED98C8E7F2A5DC1F9F442, 280CE34123287161D1AED05C8406507E8723552D6825301ECC46BB3C8AB7D0D9 ] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe 14:02:41.0128 0x1264 Power2GoExpress8 - ok 14:02:41.0186 0x1264 [ 4CD8FAEAE28BC807955245F3950AB299, 3B372FEF66170D4C8ADE9A759E4ED3FBA60F932B06CF3DCAB61499C9198B0414 ] C:\Program Files (x86)\MP4 Player\mp4Player.exe 14:02:41.0220 0x1264 MP4 Player - detected UnsignedFile.Multi.Generic ( 1 ) 14:02:43.0695 0x1264 Detect skipped due to KSN trusted 14:02:43.0695 0x1264 MP4 Player - ok 14:02:43.0698 0x1264 Waiting for KSN requests completion. In queue: 7 14:02:44.0698 0x1264 Waiting for KSN requests completion. In queue: 7 14:02:45.0699 0x1264 Waiting for KSN requests completion. 
In queue: 7 14:02:46.0725 0x1264 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated ) 14:02:46.0821 0x1264 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 14:02:46.0826 0x1264 Win FW state via NFP2: enabled 14:02:49.0282 0x1264 ============================================================ 14:02:49.0282 0x1264 Scan finished 14:02:49.0282 0x1264 ============================================================ 14:02:49.0306 0x22c8 Detected object count: 2 14:02:49.0306 0x22c8 Actual detected object count: 2 14:03:21.0369 0x22c8 Texis Monitor ( UnsignedFile.Multi.Generic ) - skipped by user 14:03:21.0369 0x22c8 Texis Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:03:21.0369 0x22c8 Samsung PanelMgr ( UnsignedFile.Multi.Generic ) - skipped by user 14:03:21.0370 0x22c8 Samsung PanelMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip |
24.05.2015, 13:17 | #17 |
| Telekom letter Zeus/Zbot The logs from the last laptop (Laptop 3); here, too, there are detections in tdss
__________________Laptop3 FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 Ran by S**** (administrator) on S****-PC on 24-05-2015 13:53:12 Running from C:\S******\Desktop Loaded Profiles: S**** (Available Profiles: S****) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (NVIDIA Corporation) C:\Windows\SysWOW64\nvSCPAPISvr.exe (Expansion Programs International, Inc.) C:\Program Files\Abaqus\Documentation\monitor.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Expansion Programs International, Inc.) C:\Program Files\Abaqus\Documentation\monitor.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Dropbox, Inc.) 
C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8098848 2009-09-04] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-11] (Microsoft Corporation) Startup: C:\Users\S****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-01-12] ShortcutTarget: Dropbox.lnk -> C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default FF Homepage: web.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-23] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-23] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 
-> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default\searchplugins\avira-safesearch.xml [2014-05-10] FF Extension: Avira Browser Safety - C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default\Extensions\abs@avira.com [2015-04-27] FF Extension: Adblock Plus - C:\Users\S****\AppData\Roaming\Mozilla\Firefox\Profiles\7mj11cyh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-12] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-19] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-19] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-19] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-19] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation) R2 Stereo Service; C:\Windows\SysWOW64\nvSCPAPISvr.exe [239720 2009-10-17] (NVIDIA Corporation) R2 Texis Monitor; C:\Program Files\Abaqus\Documentation\monitor.exe [4493312 2011-12-13] (Expansion Programs International, Inc.) [] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-02-04] (Samsung Electronics Co., Ltd.) R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-24 13:53 - 2015-05-24 13:53 - 00000000 ____D () C:\FRST 2015-05-24 13:28 - 2015-05-24 13:28 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-05-23 16:15 - 2015-05-24 13:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-23 16:15 - 2015-05-23 16:15 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-23 15:52 - 2015-05-23 16:04 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-17 20:33 - 2015-05-17 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-12 22:45 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 22:45 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 21:08 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 21:08 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 21:08 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 21:08 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-12 21:08 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-12 21:08 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-12 21:08 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 21:08 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 21:08 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-12 21:08 - 2015-04-21 18:49 - 02885120 
_____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 21:08 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-12 21:08 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-12 21:08 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-12 21:08 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 21:08 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 21:08 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-12 21:08 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-12 21:08 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-12 21:08 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 21:08 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-12 21:08 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-12 21:08 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 21:08 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-12 21:08 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-12 21:08 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 21:08 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-12 21:08 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-12 21:08 - 2015-04-21 
18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 21:08 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-12 21:08 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 21:08 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-12 21:08 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 21:08 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 21:08 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-12 21:08 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-12 21:08 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-12 21:08 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 21:08 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-12 21:08 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-12 21:08 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 21:08 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 21:08 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-12 21:08 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-12 21:08 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 21:08 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-12 21:08 - 2015-04-21 17:40 - 
14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 21:08 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-12 21:08 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 21:08 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 21:08 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 21:08 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 21:08 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 21:08 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 21:08 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-12 21:08 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 21:08 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 21:08 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 21:08 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 21:08 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 21:08 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 20:36 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 20:36 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 20:36 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 20:36 - 2015-04-18 04:56 - 00342016 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-12 20:31 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-12 20:31 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-12 20:31 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-12 20:31 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-12 20:31 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-12 20:31 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-12 20:31 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-12 
20:31 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-12 20:31 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-12 20:31 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-12 20:31 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-12 20:31 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-12 20:31 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-12 20:31 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-12 20:31 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-12 20:31 - 
2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-12 20:31 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-12 20:31 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-12 20:31 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-12 20:31 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-12 20:31 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-12 20:31 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-12 20:31 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-12 20:31 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-12 20:31 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 20:31 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-12 20:31 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 20:28 - 2015-04-20 
05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 20:28 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 20:28 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 20:28 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 20:28 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 20:28 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 20:28 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 20:28 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 20:28 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 20:28 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 20:28 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 20:28 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 20:28 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 20:28 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 20:28 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 20:28 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 20:28 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 20:28 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:50 - 2014-08-01 20:11 - 00000000 ____D () C:\Users\S****\AppData\Roaming\DVDVideoSoft
2015-05-24 13:47 - 2014-01-14 17:31 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 13:27 - 2014-01-22 18:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-24 13:27 - 2014-01-22 18:18 - 00000000 ____D () C:\MSOCache
2015-05-24 13:26 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 13:26 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-24 13:23 - 2009-07-14 04:34 - 00000387 _____ () C:\Windows\win.ini
2015-05-24 13:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-24 13:15 - 2014-01-14 18:01 - 00000546 _____ () C:\Windows\Tasks\MATLAB R2013b Startup Accelerator.job
2015-05-24 12:56 - 2014-01-10 16:16 - 01264726 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 11:59 - 2009-07-14 06:45 - 00027872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:59 - 2009-07-14 06:45 - 00027872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 11:52 - 2014-01-12 00:35 - 00000000 ____D () C:\Users\S****\AppData\Roaming\Dropbox
2015-05-24 11:50 - 2014-01-14 17:31 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 11:50 - 2014-01-10 21:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 11:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 11:50 - 2009-07-14 06:51 - 00064203 _____ () C:\Windows\setupact.log
2015-05-23 16:27 - 2014-01-10 21:28 - 00000000 ____D () C:\Users\S*****\AppData\Local\Adobe
2015-05-23 16:15 - 2014-01-10 21:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-23 16:15 - 2014-01-10 21:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-23 15:53 - 2009-07-14 19:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-05-23 15:53 - 2009-07-14 19:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-05-23 15:53 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 20:42 - 2014-01-14 17:31 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 20:42 - 2014-01-14 17:31 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 23:14 - 2015-04-05 21:32 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-19 23:14 - 2015-04-05 21:32 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-19 20:47 - 2014-02-21 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-19 20:43 - 2014-02-21 17:21 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-19 20:43 - 2014-02-21 17:21 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-18 20:06 - 2014-01-10 21:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-13 23:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 21:49 - 2009-07-14 06:45 - 00448264 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 21:45 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 21:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 21:44 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-12 22:54 - 2014-01-10 21:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 22:49 - 2014-01-10 21:51 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 22:45 - 2015-01-20 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 22:44 - 2015-01-20 21:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 22:44 - 2015-01-20 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 20:50 - 2014-01-11 14:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-09 10:22 - 2014-01-12 00:36 - 00000000 ____D () C:\Users\S*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-06-16 12:12 - 2015-01-13 22:23 - 0011333 _____ () C:\Users\S****\AppData\Roaming\SmarThruOptions.xml
2014-07-07 21:17 - 2014-07-07 21:17 - 0003584 _____ () C:\Users\S****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 00:40 - 2014-11-23 00:40 - 0007600 _____ () C:\Users\S****\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\S****\AppData\Local\Temp\avgnt.exe
C:\Users\S****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt_fymo.dll
C:\Users\S****\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\S****\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\S****\AppData\Local\Temp\LMkRstPt.exe
C:\Users\S****\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\S****\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-19 22:14

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by S**** at 2015-05-24 13:55:08
Running from C:\S****\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1182937863-3971946200-2950405193-500 - Administrator - Disabled)
Gast (S-1-5-21-1182937863-3971946200-2950405193-501 - Limited - Disabled)
S**** (S-1-5-21-1182937863-3971946200-2950405193-1000 - Administrator - Enabled) => C:\Users\S****

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abaqus 6.13 Documentation (HKLM-x32\...\Abaqus 6.13 Documentation) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Abaqus 6.13-5 (HKLM-x32\...\Abaqus 6.13-5) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
CES EduPack 2014 (HKLM-x32\...\{60A532BD-A3EF-4360-A146-CF7C13133E85}) (Version: 1.1.0.0 - Granta Design Ltd)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}) (Version: 13.0.089 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{791FF357-3DE8-485E-BD59-41844BB16415}) (Version: 13.0.089 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30611 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.4.31475 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\...\Juniper_Setup_Client) (Version: 8.0.4.47117 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Maple 17 (HKLM\...\Maple 17) (Version: 17.0.0.0 - Maplesoft)
Maple 17 (HKLM-x32\...\Maple 17) (Version: - Maplesoft)
MATLAB R2013b (HKLM\...\Matlab R2013b) (Version: 8.2 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.16.11.8771 - NVIDIA Corporation)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5932 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Samsung SCX-4300 Series (HKLM-x32\...\Samsung SCX-4300 Series) (Version: - Samsung Electronics CO.,LTD)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMedia Recode Version 3.1.9.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.1 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1182937863-3971946200-2950405193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\S****\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-05-2015 20:16:36 Geplanter Prüfpunkt
12-05-2015 22:43:02 Windows Update
19-05-2015 23:14:08 Windows Update
23-05-2015 16:02:07 Prüfpunkt von HitmanPro
23-05-2015 16:03:34 Prüfpunkt von HitmanPro
23-05-2015 16:04:05 Prüfpunkt von HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09D94382-2EE8-497F-87CE-DAB68AB08293} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {5EFCCEAB-C349-4D19-A39F-5411E3F7D67A} - System32\Tasks\MATLAB R2013b Startup Accelerator => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe [2013-08-05] () Task: {64AD3445-A02E-42E4-844C-FE7CEC0047AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {B6195368-0099-41EA-90C0-E137400B339D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.) Task: {D89ADBDD-9F52-4A50-BB98-BE0B02536084} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.) Task: {DD61792C-15C5-41DB-BCE2-1D90B413B07D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {EEA5217F-072E-400A-9DBF-8357D01E3951} - System32\Tasks\{01206BF3-6AF6-4F58-A92B-9954BD11B150} => pcalua.exe -a "C:\Program Files\Abaqus\SIMULIA_Abaqus_6.13_SP5__6.13-5_.SIM_Abaqus.media.4-4\SIM_Abaqus.media\1\setup.exe" -d "C:\Program Files\Abaqus\SIMULIA_Abaqus_6.13_SP5__6.13-5_.SIM_Abaqus.media.4-4\SIM_Abaqus.media\1" Task: {F70008CA-E827-411C-8F80-5F63C151F534} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-23] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MATLAB 
R2013b Startup Accelerator.job => C:\Program Files\MATLAB\R2013b\bin\win64\MATLABStartupAccelerator.exe ==================== Loaded Modules (Whitelisted) ============== 2009-08-14 12:16 - 2009-08-14 12:16 - 00022016 _____ () C:\Windows\System32\sse1ml6.dll 2015-05-24 11:51 - 2015-05-24 11:51 - 00043008 _____ () c:\users\s****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpt_fymo.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\S****\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1182937863-3971946200-2950405193-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\S****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{5E04E8D3-2073-468E-8507-AC3A7B3885BA}] => (Allow) C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{3C0CBB58-F923-4A2E-A02D-0284F28FD055}] => (Allow) C:\Users\S****\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{7B4ABE3B-3AF1-4C14-815A-51EC6488DC6B}C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{1339E3FA-5106-404B-9440-5BEC22EC6DCB}C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\s****\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{5F35D732-3E1B-4FA0-B70A-6B695CBD2014}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{1121FE43-39EB-46EB-A184-1217213C5D3A}] => (Allow) LPort=2869 FirewallRules: [{DE06834D-511F-44BD-8753-E932D466E9E9}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{832742CF-512B-409B-ACBC-EA65185C04A9}C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe] => (Allow) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe FirewallRules: [UDP Query User{A088E701-C7D6-4B02-BBDB-04E6329673C9}C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe] => (Allow) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe FirewallRules: [{F2674B45-0338-4D95-9CB9-CCDC06A27073}] => (Block) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe FirewallRules: 
[{A9480B27-71F6-4469-9A1E-13913256B056}] => (Block) C:\users\s****\appdata\local\temp\i1413377580\windows\resource\jre\bin\java.exe FirewallRules: [TCP Query User{E8E2D7C4-C091-448C-AA6C-AC8BD866F88C}C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe FirewallRules: [UDP Query User{B752ACE1-41D6-4980-9DB4-B5231874A3A9}C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\elit_driverlm.exe FirewallRules: [TCP Query User{F6580899-1E68-4BE2-934F-5AEBFE13A928}C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe FirewallRules: [UDP Query User{8DF765B6-5996-4648-8018-DDEFADBD7461}C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\program files\abaqus\6.13-5\code\bin\abqcaek.exe FirewallRules: [{44C01D78-DCB4-4804-9943-FF9D16D57EA6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5F3535FC-4194-4F69-AA37-A40D07218B72}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000360,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000315EAF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b50,(null),0,REG_BINARY,000000000609E150.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {2aba8475-ffae-4ea1-9496-ebf1471e7de7} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b50,(null),0,REG_BINARY,000000000609E150.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {2aba8475-ffae-4ea1-9496-ebf1471e7de7} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001bc,(null),0,REG_BINARY,00000000151BDEA0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f32ba69c-0457-4ccb-966e-d76edb5bc184} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000005b0,(null),0,REG_BINARY,000000000159DF20.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {9f789c6f-6180-4e45-9827-4caa835ef646} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001bc,(null),0,REG_BINARY,00000000151BDEA0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {f32ba69c-0457-4ccb-966e-d76edb5bc184} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000005b0,(null),0,REG_BINARY,000000000159DF20.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {9f789c6f-6180-4e45-9827-4caa835ef646} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001e8,(null),0,REG_BINARY,000000000275EE00.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {077428c9-72e3-45c9-bac9-9169c00f52d8} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001a0,(null),0,REG_BINARY,00000000027DF280.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f} Generatorname: COM+ REGDB Writer Generatorinstanz-ID: {ae17e266-e7fa-4d96-8906-22809c699b2a} Error: (05/23/2015 04:04:29 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000190,(null),0,REG_BINARY,00000000025DECF0.72)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} Generatorname: Registry Writer Generatorinstanz-ID: {104e7af8-c8b2-4baa-b280-3d6b379cc740} System errors: ============= Error: (05/24/2015 11:50:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (05/23/2015 04:53:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/23/2015 04:43:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/23/2015 04:33:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/23/2015 04:23:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/23/2015 04:15:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/23/2015 04:13:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (05/23/2015 03:11:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (05/21/2015 06:01:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (05/20/2015 08:34:33 
PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Microsoft Office: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz Percentage of memory in use: 44% Total physical RAM: 4060.93 MB Available physical RAM: 2249.98 MB Total Pagefile: 8120.07 MB Available Pagefile: 6211.06 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:368.1 GB) (Free:151.21 GB) NTFS Drive d: () (Fixed) (Total:97.56 GB) (Free:97.47 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 617A8EF4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS) ==================== End of log ============================
Edited by rootofallevi (24.05.2015 at 13:27) |
24.05.2015, 14:19 | #18 |
| Telekom Brief Zeus/Zbot The findings in tdss on Laptop3
Code:
ATTFilter 14:09:15.0474 0x0c9c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 14:09:19.0936 0x0c9c ============================================================ 14:09:19.0936 0x0c9c Current date / time: 2015/05/24 14:09:19.0936 14:09:19.0936 0x0c9c SystemInfo: 14:09:19.0936 0x0c9c 14:09:19.0936 0x0c9c OS Version: 6.1.7601 ServicePack: 1.0 14:09:19.0936 0x0c9c Product type: Workstation 14:09:19.0936 0x0c9c ComputerName: S****-PC 14:09:19.0936 0x0c9c UserName: S**** 14:09:19.0936 0x0c9c Windows directory: C:\Windows 14:09:19.0936 0x0c9c System windows directory: C:\Windows 14:09:19.0936 0x0c9c Running under WOW64 14:09:19.0936 0x0c9c Processor architecture: Intel x64 14:09:19.0936 0x0c9c Number of processors: 2 14:09:19.0936 0x0c9c Page size: 0x1000 14:09:19.0936 0x0c9c Boot type: Normal boot 14:09:19.0936 0x0c9c ============================================================ 14:09:21.0184 0x0c9c KLMD registered as C:\Windows\system32\drivers\32638106.sys 14:09:21.0542 0x0c9c System UUID: {E0F7DCD2-8447-858F-B052-D4414522B707} 14:09:22.0572 0x0c9c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:09:22.0588 0x0c9c ============================================================ 14:09:22.0588 0x0c9c \Device\Harddisk0\DR0: 14:09:22.0588 0x0c9c MBR partitions: 14:09:22.0588 0x0c9c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:09:22.0588 0x0c9c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000 14:09:22.0588 0x0c9c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000 14:09:22.0588 0x0c9c ============================================================ 14:09:22.0681 0x0c9c C: <-> \Device\Harddisk0\DR0\Partition3 14:09:22.0728 0x0c9c D: <-> \Device\Harddisk0\DR0\Partition2 14:09:22.0728 0x0c9c 
============================================================ 14:09:22.0728 0x0c9c Initialize success 14:09:22.0728 0x0c9c ============================================================ 14:09:28.0219 0x080c ============================================================ 14:09:28.0219 0x080c Scan started 14:09:28.0219 0x080c Mode: Manual; SigCheck; TDLFS; 14:09:28.0219 0x080c ============================================================ 14:09:28.0219 0x080c KSN ping started 14:09:31.0199 0x080c KSN ping finished: true 14:09:32.0275 0x080c ================ Scan system memory ======================== 14:09:32.0275 0x080c System memory - ok 14:09:32.0275 0x080c ================ Scan services ============================= 14:09:32.0728 0x080c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:09:32.0821 0x080c 1394ohci - ok 14:09:32.0930 0x080c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:09:32.0962 0x080c ACPI - ok 14:09:33.0040 0x080c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:09:33.0071 0x080c AcpiPmi - ok 14:09:33.0227 0x080c [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:09:33.0274 0x080c AdobeARMservice - ok 14:09:33.0383 0x080c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:09:33.0414 0x080c adp94xx - ok 14:09:33.0492 0x080c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:09:33.0508 0x080c adpahci - ok 
14:09:33.0617 0x080c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:09:33.0648 0x080c adpu320 - ok 14:09:33.0710 0x080c [ 83BFCCAC53795E8A5055A93672D0C46C, B2B03473D950A5BA9DE59D81E7B14C1FAFF17B2A4D8A5808588F5CC21D63B291 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:09:33.0788 0x080c AeLookupSvc - ok 14:09:33.0913 0x080c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 14:09:33.0944 0x080c AFD - ok 14:09:34.0069 0x080c [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 14:09:34.0116 0x080c AgereSoftModem - ok 14:09:34.0194 0x080c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 14:09:34.0210 0x080c agp440 - ok 14:09:34.0241 0x080c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 14:09:34.0256 0x080c ALG - ok 14:09:34.0319 0x080c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 14:09:34.0366 0x080c aliide - ok 14:09:34.0381 0x080c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 14:09:34.0397 0x080c amdide - ok 14:09:34.0428 0x080c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:09:34.0444 0x080c AmdK8 - ok 14:09:34.0459 0x080c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 
14:09:34.0475 0x080c AmdPPM - ok 14:09:34.0522 0x080c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:09:34.0568 0x080c amdsata - ok 14:09:34.0678 0x080c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:09:34.0724 0x080c amdsbs - ok 14:09:34.0771 0x080c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:09:34.0802 0x080c amdxata - ok 14:09:34.0958 0x080c [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe 14:09:35.0021 0x080c AntiVirMailService - ok 14:09:35.0099 0x080c [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 14:09:35.0130 0x080c AntiVirSchedulerService - ok 14:09:35.0192 0x080c [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 14:09:35.0208 0x080c AntiVirService - ok 14:09:35.0317 0x080c [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 14:09:35.0364 0x080c AntiVirWebService - ok 14:09:35.0442 0x080c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 14:09:35.0473 0x080c AppID - ok 14:09:35.0520 0x080c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 
14:09:35.0551 0x080c AppIDSvc - ok 14:09:35.0614 0x080c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 14:09:35.0629 0x080c Appinfo - ok 14:09:35.0692 0x080c [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 14:09:35.0707 0x080c AppMgmt - ok 14:09:35.0816 0x080c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 14:09:35.0848 0x080c arc - ok 14:09:35.0879 0x080c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:09:35.0894 0x080c arcsas - ok 14:09:36.0316 0x080c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:09:36.0347 0x080c aspnet_state - ok 14:09:36.0409 0x080c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:09:36.0472 0x080c AsyncMac - ok 14:09:36.0518 0x080c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 14:09:36.0550 0x080c atapi - ok 14:09:36.0643 0x080c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:09:36.0674 0x080c AudioEndpointBuilder - ok 14:09:36.0752 0x080c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:09:36.0784 0x080c AudioSrv - ok 14:09:36.0877 0x080c [ 43B6D229C7DBA9F0FC0FC0C318DB5350, 
0x080c nvraid - ok 14:09:59.0435 0x080c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:09:59.0450 0x080c nvstor - ok 14:09:59.0513 0x080c [ 1A86F20153A131E02C8C6E1BD15BFCB4, B1203071B3142B6A90464B5F124C833D1D214B2ECBCC518C217F74E329D8A684 ] nvsvc C:\Windows\system32\nvvsvc.exe 14:09:59.0544 0x080c nvsvc - ok 14:09:59.0606 0x080c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:09:59.0622 0x080c nv_agp - ok 14:09:59.0669 0x080c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:09:59.0684 0x080c ohci1394 - ok 14:09:59.0778 0x080c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:09:59.0825 0x080c p2pimsvc - ok 14:09:59.0872 0x080c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 14:09:59.0903 0x080c p2psvc - ok 14:09:59.0934 0x080c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:09:59.0950 0x080c Parport - ok 14:09:59.0981 0x080c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:09:59.0996 0x080c partmgr - ok 14:10:00.0059 0x080c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:10:00.0106 0x080c PcaSvc - ok 14:10:00.0121 0x080c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 
14:10:00.0152 0x080c pci - ok 14:10:00.0184 0x080c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 14:10:00.0199 0x080c pciide - ok 14:10:00.0230 0x080c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:10:00.0262 0x080c pcmcia - ok 14:10:00.0277 0x080c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 14:10:00.0293 0x080c pcw - ok 14:10:00.0371 0x080c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:10:00.0449 0x080c PEAUTH - ok 14:10:00.0527 0x080c [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:10:00.0652 0x080c PeerDistSvc - ok 14:10:00.0745 0x080c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:10:00.0792 0x080c PerfHost - ok 14:10:00.0886 0x080c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 14:10:01.0010 0x080c pla - ok 14:10:01.0042 0x080c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:10:01.0088 0x080c PlugPlay - ok 14:10:01.0104 0x080c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:10:01.0135 0x080c PNRPAutoReg - ok 14:10:01.0166 0x080c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc 
C:\Windows\system32\pnrpsvc.dll 14:10:01.0182 0x080c PNRPsvc - ok 14:10:01.0260 0x080c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:10:01.0322 0x080c PolicyAgent - ok 14:10:01.0354 0x080c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 14:10:01.0400 0x080c Power - ok 14:10:01.0463 0x080c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:10:01.0510 0x080c PptpMiniport - ok 14:10:01.0541 0x080c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:10:01.0556 0x080c Processor - ok 14:10:01.0603 0x080c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 14:10:01.0666 0x080c ProfSvc - ok 14:10:01.0681 0x080c [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:10:01.0697 0x080c ProtectedStorage - ok 14:10:01.0759 0x080c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:10:01.0806 0x080c Psched - ok 14:10:01.0868 0x080c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:10:01.0962 0x080c ql2300 - ok 14:10:02.0009 0x080c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:10:02.0040 0x080c ql40xx - ok 14:10:02.0071 0x080c [ 906191634E99AEA92C4816150BDA3732, 
A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 14:10:02.0102 0x080c QWAVE - ok 14:10:02.0134 0x080c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:10:02.0149 0x080c QWAVEdrv - ok 14:10:02.0165 0x080c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:10:02.0212 0x080c RasAcd - ok 14:10:02.0227 0x080c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:10:02.0274 0x080c RasAgileVpn - ok 14:10:02.0290 0x080c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 14:10:02.0336 0x080c RasAuto - ok 14:10:02.0383 0x080c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:10:02.0446 0x080c Rasl2tp - ok 14:10:02.0492 0x080c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 14:10:02.0570 0x080c RasMan - ok 14:10:02.0602 0x080c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:10:02.0648 0x080c RasPppoe - ok 14:10:02.0680 0x080c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:10:02.0726 0x080c RasSstp - ok 14:10:02.0789 0x080c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:10:02.0882 0x080c rdbss - ok 14:10:02.0882 0x080c [ 
302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:10:02.0914 0x080c rdpbus - ok 14:10:02.0929 0x080c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:10:02.0960 0x080c RDPCDD - ok 14:10:03.0023 0x080c [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:10:03.0054 0x080c RDPDR - ok 14:10:03.0085 0x080c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:10:03.0132 0x080c RDPENCDD - ok 14:10:03.0148 0x080c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:10:03.0194 0x080c RDPREFMP - ok 14:10:03.0241 0x080c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:10:03.0288 0x080c RDPWD - ok 14:10:03.0319 0x080c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:10:03.0350 0x080c rdyboost - ok 14:10:03.0382 0x080c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:10:03.0428 0x080c RemoteAccess - ok 14:10:03.0460 0x080c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:10:03.0506 0x080c RemoteRegistry - ok 14:10:03.0538 0x080c [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 
14:10:03.0569 0x080c RFCOMM - ok 14:10:03.0584 0x080c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:10:03.0631 0x080c RpcEptMapper - ok 14:10:03.0647 0x080c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 14:10:03.0678 0x080c RpcLocator - ok 14:10:03.0740 0x080c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 14:10:03.0803 0x080c RpcSs - ok 14:10:03.0834 0x080c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:10:03.0881 0x080c rspndr - ok 14:10:03.0928 0x080c [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:10:03.0943 0x080c s3cap - ok 14:10:03.0974 0x080c [ 9262D6E2C239EDD6D87B080F2BCCEC9F, 4947F2C3DD9D2D08CBB03FCA822C78B24F841464FF52FDBFF7D34AC7EB484104 ] SamSs C:\Windows\system32\lsass.exe 14:10:03.0990 0x080c SamSs - ok 14:10:04.0021 0x080c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:10:04.0037 0x080c sbp2port - ok 14:10:04.0068 0x080c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:10:04.0115 0x080c SCardSvr - ok 14:10:04.0177 0x080c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:10:04.0224 0x080c scfilter - ok 14:10:04.0333 0x080c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule 
C:\Windows\system32\schedsvc.dll 14:10:04.0442 0x080c Schedule - ok 14:10:04.0489 0x080c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:10:04.0536 0x080c SCPolicySvc - ok 14:10:04.0583 0x080c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:10:04.0598 0x080c SDRSVC - ok 14:10:04.0630 0x080c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:10:04.0676 0x080c secdrv - ok 14:10:04.0692 0x080c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 14:10:04.0739 0x080c seclogon - ok 14:10:04.0770 0x080c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 14:10:04.0832 0x080c SENS - ok 14:10:04.0848 0x080c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:10:04.0879 0x080c SensrSvc - ok 14:10:04.0910 0x080c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:10:04.0926 0x080c Serenum - ok 14:10:04.0942 0x080c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:10:04.0957 0x080c Serial - ok 14:10:04.0988 0x080c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:10:05.0004 0x080c sermouse - ok 14:10:05.0051 0x080c [ 0B6231BF38174A1628C4AC812CC75804, 
E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 14:10:05.0113 0x080c SessionEnv - ok 14:10:05.0160 0x080c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:10:05.0207 0x080c sffdisk - ok 14:10:05.0222 0x080c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:10:05.0254 0x080c sffp_mmc - ok 14:10:05.0254 0x080c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:10:05.0285 0x080c sffp_sd - ok 14:10:05.0300 0x080c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:10:05.0316 0x080c sfloppy - ok 14:10:05.0347 0x080c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:10:05.0410 0x080c SharedAccess - ok 14:10:05.0488 0x080c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:10:05.0550 0x080c ShellHWDetection - ok 14:10:05.0566 0x080c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:10:05.0581 0x080c SiSRaid2 - ok 14:10:05.0612 0x080c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:10:05.0628 0x080c SiSRaid4 - ok 14:10:05.0659 0x080c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:10:05.0706 
0x080c Smb - ok 14:10:05.0753 0x080c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:10:05.0768 0x080c SNMPTRAP - ok 14:10:05.0784 0x080c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 14:10:05.0800 0x080c spldr - ok 14:10:05.0846 0x080c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 14:10:05.0909 0x080c Spooler - ok 14:10:06.0112 0x080c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 14:10:06.0330 0x080c sppsvc - ok 14:10:06.0361 0x080c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:10:06.0408 0x080c sppuinotify - ok 14:10:06.0455 0x080c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:10:06.0502 0x080c srv - ok 14:10:06.0548 0x080c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:10:06.0611 0x080c srv2 - ok 14:10:06.0704 0x080c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:10:06.0876 0x080c srvnet - ok 14:10:06.0907 0x080c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:10:06.0954 0x080c SSDPSRV - ok 14:10:07.0016 0x080c [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 14:10:07.0032 
0x080c SSPORT - ok 14:10:07.0063 0x080c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:10:07.0110 0x080c SstpSvc - ok 14:10:07.0157 0x080c [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 14:10:07.0172 0x080c ssudmdm - ok 14:10:07.0250 0x080c [ 9DDE5AD12189D9AA2D1B96E129460939, DF741327D2C48837827F24D25C296E20B01BE69333461B2DFD2BAFE804A1FBBB ] Stereo Service C:\Windows\SysWOW64\nvSCPAPISvr.exe 14:10:07.0297 0x080c Stereo Service - ok 14:10:07.0313 0x080c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:10:07.0328 0x080c stexstor - ok 14:10:07.0438 0x080c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 14:10:07.0531 0x080c stisvc - ok 14:10:07.0562 0x080c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:10:07.0578 0x080c storflt - ok 14:10:07.0609 0x080c [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll 14:10:07.0640 0x080c StorSvc - ok 14:10:07.0672 0x080c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:10:07.0687 0x080c storvsc - ok 14:10:07.0703 0x080c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 14:10:07.0718 0x080c swenum - ok 14:10:07.0812 0x080c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv 
C:\Windows\System32\swprv.dll 14:10:07.0952 0x080c swprv - ok 14:10:08.0062 0x080c [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 14:10:08.0124 0x080c SynTP - ok 14:10:08.0264 0x080c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 14:10:08.0358 0x080c SysMain - ok 14:10:08.0405 0x080c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:10:08.0436 0x080c TabletInputService - ok 14:10:08.0467 0x080c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 14:10:08.0514 0x080c TapiSrv - ok 14:10:08.0530 0x080c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 14:10:08.0576 0x080c TBS - ok 14:10:08.0701 0x080c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:10:08.0795 0x080c Tcpip - ok 14:10:08.0888 0x080c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:10:08.0951 0x080c TCPIP6 - ok 14:10:08.0998 0x080c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:10:09.0013 0x080c tcpipreg - ok 14:10:09.0044 0x080c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:10:09.0076 0x080c TDPIPE - ok 14:10:09.0107 0x080c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 
4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:10:09.0122 0x080c TDTCP - ok 14:10:09.0185 0x080c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:10:09.0216 0x080c tdx - ok 14:10:09.0247 0x080c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 14:10:09.0263 0x080c TermDD - ok 14:10:09.0372 0x080c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 14:10:09.0450 0x080c TermService - ok 14:10:09.0778 0x080c [ 407DB52B50C8C8154FF114DCEC1FB73C, 2C9C3B9E16ADDB0A03D0FDE96C680980F7D2BFFF9DFCAC36C5977087436DF5F7 ] Texis Monitor C:\Program Files\Abaqus\Documentation\monitor.exe 14:10:09.0996 0x080c Texis Monitor - detected UnsignedFile.Multi.Generic ( 1 ) 14:10:12.0944 0x080c Texis Monitor ( UnsignedFile.Multi.Generic ) - warning 14:10:15.0908 0x080c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 14:10:15.0955 0x080c Themes - ok 14:10:15.0986 0x080c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 14:10:16.0033 0x080c THREADORDER - ok 14:10:16.0049 0x080c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 14:10:16.0096 0x080c TrkWks - ok 14:10:16.0189 0x080c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:10:16.0283 0x080c TrustedInstaller - ok 14:10:16.0330 0x080c [ E232A3B43A894BB327FC161529BD9ED1, 
F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:10:16.0361 0x080c tssecsrv - ok 14:10:16.0454 0x080c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:10:16.0497 0x080c TsUsbFlt - ok 14:10:16.0556 0x080c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:10:16.0596 0x080c tunnel - ok 14:10:16.0626 0x080c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:10:16.0636 0x080c uagp35 - ok 14:10:16.0706 0x080c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:10:16.0786 0x080c udfs - ok 14:10:16.0816 0x080c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:10:16.0836 0x080c UI0Detect - ok 14:10:16.0856 0x080c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:10:16.0876 0x080c uliagpkx - ok 14:10:16.0916 0x080c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:10:16.0936 0x080c umbus - ok 14:10:16.0976 0x080c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:10:16.0996 0x080c UmPass - ok 14:10:17.0056 0x080c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 14:10:17.0096 0x080c UmRdpService - ok 14:10:17.0146 
0x080c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 14:10:17.0226 0x080c upnphost - ok 14:10:17.0256 0x080c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:10:17.0276 0x080c usbccgp - ok 14:10:17.0336 0x080c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:10:17.0406 0x080c usbcir - ok 14:10:17.0478 0x080c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:10:17.0508 0x080c usbehci - ok 14:10:17.0539 0x080c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:10:17.0570 0x080c usbhub - ok 14:10:17.0586 0x080c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:10:17.0601 0x080c usbohci - ok 14:10:17.0632 0x080c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:10:17.0648 0x080c usbprint - ok 14:10:17.0695 0x080c [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:10:17.0757 0x080c usbscan - ok 14:10:17.0788 0x080c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:10:17.0804 0x080c USBSTOR - ok 14:10:17.0851 0x080c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci 
14:10:25.0167 0x080c Sidebar - ok
14:10:25.0200 0x080c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:10:25.0230 0x080c mctadmin - ok
14:10:25.0290 0x080c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
14:10:25.0340 0x080c Sidebar - ok
14:10:25.0370 0x080c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
14:10:25.0390 0x080c mctadmin - ok
14:10:25.0390 0x080c Waiting for KSN requests completion. In queue: 83
14:10:26.0402 0x080c Waiting for KSN requests completion. In queue: 83
14:10:27.0416 0x080c Waiting for KSN requests completion. In queue: 83
14:10:28.0461 0x080c AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
14:10:28.0477 0x080c Win FW state via NFP2: enabled
14:10:31.0300 0x080c ============================================================
14:10:31.0300 0x080c Scan finished
14:10:31.0300 0x080c ============================================================
14:10:31.0316 0x03c0 Detected object count: 1
14:10:31.0316 0x03c0 Actual detected object count: 1
14:15:21.0407 0x03c0 Texis Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
14:15:21.0407 0x03c0 Texis Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

Here are the logs: Laptop1 FRST Fixlog:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Michael at 2015-05-24 12:22:58 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0 (Available Profiles: Michael & Classic .NET AppPool & DefaultAppPool & ASP.NET v4.0)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\system32\Drivers\etc\hosts
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
Hosts:
RemoveProxy:
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
"HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Policies\Google" => key Removed successfully
Could not move "C:\Windows\system32\Drivers\etc\hosts" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}" => key Removed successfully
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => key not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-1041102655-3613075563-312560558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully

========= End of RemoveProxy: =========

EmptyTemp: => Removed 6.6 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-24 12:32:46)<=

"C:\Windows\system32\Drivers\etc\hosts" => Could not move

==== End of Fixlog 12:32:46 ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e4cf169053aeb34da03cc080edec2fc7
# engine=23996
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-24 12:49:41
# local_time=2015-05-24 02:49:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8115 184101631 0 0
# scanned=781947
# found=0
# cleaned=0
# scan_time=7674
Code:
Results of screen317's Security Check version 1.001
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Visual Studio Extensions for Windows Library for JavaScript
Java 7 Update 65
Java 8 Update 31
Visual Studio Extensions for Windows Library for JavaScript
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.134
Adobe Reader XI
Mozilla Firefox (38.0.1)
Mozilla Thunderbird (31.6.0)
Google Chrome (42.0.2311.152)
Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
AVAST Software Avast avastUi.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Last edited by rootofallevi (24.05.2015 at 14:25) |
24.05.2015, 23:14 | #19 |
/// TB-Ausbilder | Telekom letter Zeus/Zbot
Hi, your laptop (Win 7) could be the one behind the notice from Telekom. Please run the following there: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper.
Last edited by M-K-D-B (24.05.2015 at 23:22) |
24.05.2015, 23:17 | #20 |
/// TB-Ausbilder | Telekom letter Zeus/Zbot
Hi, now on to your 2nd computer (Win 8.1): Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. |
24.05.2015, 23:21 | #21 |
/// TB-Ausbilder | Telekom letter Zeus/Zbot
Hi, the TDSS-Killer detections on laptop 3 are false positives, not malware. Please also run on laptop 3: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. |
25.05.2015, 11:58 | #22 |
| Telekom letter Zeus/Zbot
Good morning, thanks for the reply. Does that mean that my laptop was/is probably infected with Zeus? I assume I should also run MB's Anti-Rootkit on Laptop 2 (Win 8.1, not Win 7 as wrongly assumed in the first post)? Here is the Anti-Rootkit log from my Laptop1 (Win 7):
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.05.25.02
  rootkit: v2015.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17801
Michael :: MICHAEL-LAPTOP [administrator]

25.05.2015 09:32:00
mbar-log-2015-05-25 (09-32-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 577143
Time elapsed: 17 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The MBAR logs of the other computers will follow shortly. Best regards

And here they are already: mbar log from Laptop2 (Win 8.1)
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.05.25.02
  rootkit: v2015.05.24.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17801
Doppel D :: DEISSLER [administrator]

25.05.2015 09:56:42
mbar-log-2015-05-25 (09-56-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365932
Time elapsed: 29 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And done: mbar log from my desktop (Win 8.1)
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.05.25.02
  rootkit: v2015.05.24.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17690
Michael :: BLACKTOWER [administrator]

25.05.2015 10:19:09
mbar-log-2015-05-25 (10-19-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 338674
Time elapsed: 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Laptop3 can definitely be ruled out, since at the time of the connection to the command-and-control server (timestamp from the provider) it was 100% not on the network. That means the list of devices of interest is then:
my Laptop1 (Win 7)
my desktop (Win 8.1)
Laptop2 (Win 8.1)
Virus scans with Avast on all Android devices on this network also produced no detections.
Last edited by rootofallevi (25.05.2015 at 12:11) |
25.05.2015, 12:18 | #23 |
/// TB-Ausbilder | Telekom letter Zeus/Zbot
Hi, so far we have not been able to find a rootkit or a Zeus trojan. On what date, according to Telekom, is communication with a botnet supposed to have taken place?

So your 1st computer (Win 7) is clean; please do the following there:

If you no longer have any problems with malware, then we are done here. Your log files are clean. Finally, we still have to take a few concluding steps to clean up and secure your PC.

Cleanup: (the order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over, you can delete them without concern.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Securing your system:
On the Windows operating system, enable automatic updates. Security-relevant software should also always be present only in its latest version:
Browser
Java
Flash Player
PDF reader
Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply when visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript: prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on the principle of a whitelist, on which sites scripts should be allowed.
Ghostery: detects and blocks trackers, web bugs, pixels and beacons and other scripts that spy on/observe browsing behaviour.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program.
To get rid of adware again, it is advisable to first uninstall it and then remove the leftovers with Adwcleaner .

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

==============================

On the computers
my desktop (Win 8.1)
Laptop2 (Win 8.1)
please also run the following on each (use a separate post for each computer and only post once you have all the log files together):

Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4 Please download Shortcut Cleaner (by Grinler) to your desktop.
Step 5
Please post with your next reply
|
25.05.2015, 14:34 | #24 |
| Telekom letter Zeus/Zbot
My Laptop1 is now cleaned up, secured and up to date again. The steps mentioned above were carried out on my desktop, which produced the following logs:
Desktop (Win 8.1) AdwCleaner:
Code:
# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 14:26:56
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-24.1 [Server]
# Betriebssystem : Windows 8.1 Pro (x64)
# Benutzername : Michael - BLACKTOWER
# Gestarted von : C:\Users\Michael\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[/!\] Nicht Gelöscht ( Junction ) : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage
Datei Gelöscht : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eofcbnmajmjmplflapaojjnihcjkigck_0.localstorage-journal

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v38.0.1 (x86 de)

-\\ Google Chrome v43.0.2357.65

[C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [2057 Bytes] - [25/05/2015 14:24:51]
AdwCleaner[S0].txt - [1573 Bytes] - [25/05/2015 14:26:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1632 Bytes] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.05.2015
Suchlauf-Zeit: 14:53:53
Logdatei: desktop_mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.25.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337816
Verstrichene Zeit: 11 Min, 1 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 Pro x64
Ran by Michael on 25.05.2015 at 15:08:14,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2015 at 15:11:16,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 Pro
Program started at: 05/25/2015 03:17:17 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Michael\Desktop\
Searching C:\Users\Public\Desktop\

0 bad shortcuts found.

Program finished at: 05/25/2015 03:17:18 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015
Ran by Michael (administrator) on BLACKTOWER on 25-05-2015 15:19:15
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NVRaidService] => C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [291944 2010-04-09] (NVIDIA Corporation)
HKLM\...\Run: [US800Pane] => C:\Windows\system32\US800Pan.exe [1796696 2015-04-12] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1261568 2007-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3440640 2007-06-06] (Analog Devices, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\MountPoints2: {585dddbe-aadf-11e4-8250-001a92dae90a} - "G:\pushinst.exe"
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Touchpad Server.lnk [2015-02-03]
ShortcutTarget: Touchpad Server.lnk -> C:\Program Files (x86)\Things & Stuff\Touchpad Server\TouchpadServer.exe (Things & Stuff)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-24] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-28] ()
FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll [2015-01-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.) FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\7bfq37mz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-09] Chrome: ======= CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09] CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09] CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10] CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-09] CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09] CHR Extension: (Bookmark Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28] CHR Extension: (Avast Online Security) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-09] CHR 
Extension: (Chrome Hotword Shared Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17] CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-09] CHR Extension: (ScriptSafe) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-02-10] CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-09] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-24] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [89088 2007-06-07] (Andrea Electronics Corporation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-24] (Avast Software s.r.o.) 
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-24] (Avast Software) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-24] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-24] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-24] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-24] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-24] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-24] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2015-02-02] () R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) R3 SaiK0728; C:\Windows\system32\DRIVERS\SaiK0728.sys [129024 2008-01-21] (Saitek) R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2007-10-03] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-10-03] (Silicon Image, Inc) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2007-10-03] (Silicon Image, Inc) S3 US800_01; C:\Windows\system32\DRIVERS\US800Wdm.sys [36440 2015-04-12] () S3 US800_AA; C:\Windows\system32\DRIVERS\US800Drv.sys [90200 2015-04-12] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-24] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-25 15:17 - 2015-05-25 15:17 - 00001844 _____ () C:\Users\Michael\Desktop\sc-cleaner.txt 2015-05-25 15:16 - 2015-05-25 15:16 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe 2015-05-25 15:11 - 2015-05-25 15:11 - 00000732 _____ () C:\Users\Michael\Desktop\JRdesktop_T.txt 2015-05-25 15:08 - 2015-05-25 15:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BLACKTOWER-Windows-8.1-Pro-(64-bit).dat 2015-05-25 15:08 - 2015-05-25 15:08 - 00000000 ____D () C:\RegBackup 2015-05-25 15:07 - 2015-05-25 15:07 - 02945770 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe 2015-05-25 15:05 - 2015-05-25 15:05 - 00001205 _____ () C:\Users\Michael\Desktop\desktop_mbam.txt 2015-05-25 14:36 - 2015-05-25 14:36 - 00001712 _____ () C:\Users\Michael\Desktop\Desktop_AdwCleaner[S0].txt 2015-05-25 14:32 - 2015-05-25 14:32 - 00000000 ___RD () C:\Users\Michael\OneDrive 2015-05-25 14:24 - 2015-05-25 14:27 - 00000000 ____D () C:\AdwCleaner 2015-05-25 14:21 - 2015-05-25 14:21 - 02222592 _____ () C:\Users\Michael\Desktop\AdwCleaner_4.205.exe 2015-05-25 10:18 - 2015-05-25 10:34 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-25 10:15 - 2015-05-25 10:34 - 00000000 ____D () C:\Users\Michael\Desktop\mbar 2015-05-25 10:14 - 2015-05-25 10:12 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Michael\Desktop\mbar-1.09.1.1004.exe 2015-05-24 16:57 - 2015-05-24 16:57 - 473103369 _____ () C:\Windows\MEMORY.DMP 2015-05-24 16:57 - 2015-05-24 16:57 - 00279760 _____ () C:\Windows\Minidump\052415-22421-01.dmp 2015-05-24 13:41 - 2015-05-24 16:22 - 00108774 _____ () C:\Users\Michael\Desktop\TDSS.txt 2015-05-24 13:35 - 2015-05-24 13:35 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-05-24 13:35 - 2015-05-24 13:35 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-05-24 13:35 - 2015-05-24 13:35 - 00000350 ____H () C:\Windows\Tasks\avast! 
Emergency Update.job 2015-05-24 13:32 - 2015-05-24 13:32 - 00022173 _____ () C:\Users\Michael\Desktop\Addition.txt 2015-05-24 13:31 - 2015-05-25 15:19 - 00012841 _____ () C:\Users\Michael\Desktop\FRST.txt 2015-05-24 13:31 - 2015-05-25 15:19 - 00000000 ____D () C:\FRST 2015-05-24 13:16 - 2015-05-24 13:17 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Desktop\tdsskiller.exe 2015-05-24 13:15 - 2015-05-24 13:17 - 02108416 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe 2015-05-23 17:02 - 2015-05-23 17:02 - 00002047 _____ () C:\Users\Michael\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-05-23 17:02 - 2015-05-23 17:02 - 00001991 _____ () C:\Users\Michael\Desktop\Avira EU-Cleaner.lnk 2015-05-23 15:49 - 2015-05-23 15:49 - 00000000 ____D () C:\Program Files\HitmanPro 2015-05-23 15:42 - 2015-05-23 17:02 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-19 16:05 - 2015-05-19 16:06 - 00000197 _____ () C:\Windows\system32\2015-05-19-14-05-43.080-AvastVBoxSVC.exe-1640.log 2015-05-19 15:56 - 2015-05-19 15:56 - 00000197 _____ () C:\Windows\system32\2015-05-19-13-56-34.011-AvastVBoxSVC.exe-2428.log 2015-05-18 17:26 - 2015-05-18 17:26 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job 2015-05-09 20:17 - 2015-05-25 14:32 - 00000000 ___RD () C:\Users\Michael\OneDrive (6).old 2015-04-28 14:27 - 2015-04-28 14:27 - 00279760 _____ () C:\Windows\Minidump\042815-23703-01.dmp 2015-04-28 14:07 - 2015-04-28 14:07 - 00279760 _____ () C:\Windows\Minidump\042815-19859-01.dmp 2015-04-28 10:39 - 2015-04-28 10:39 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-39-38.035-AvastVBoxSVC.exe-2352.log 2015-04-28 10:32 - 2015-05-09 20:17 - 00000000 ___RD () C:\Users\Michael\OneDrive (5).old 2015-04-28 10:24 - 2015-04-28 10:24 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-24-32.022-AvastVBoxSVC.exe-2400.log 2015-04-28 10:19 - 2015-04-28 10:32 - 00000000 ___RD () C:\Users\Michael\OneDrive (4).old 2015-04-28 10:19 - 2015-04-28 10:19 - 00000197 
_____ () C:\Windows\system32\2015-04-28-08-19-26.095-AvastVBoxSVC.exe-2372.log 2015-04-28 10:11 - 2015-04-28 10:11 - 00000197 _____ () C:\Windows\system32\2015-04-28-08-11-53.013-AvastVBoxSVC.exe-2384.log 2015-04-28 10:10 - 2015-04-28 10:10 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-04-25 21:32 - 2015-04-25 21:48 - 00000000 ____D () C:\os161 2015-04-25 21:28 - 2015-04-26 01:25 - 00000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2015-04-25 17:55 - 2015-04-25 17:55 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-55-09.029-AvastVBoxSVC.exe-2388.log 2015-04-25 17:51 - 2015-04-25 17:51 - 00000197 _____ () C:\Windows\system32\2015-04-25-15-51-05.037-AvastVBoxSVC.exe-2384.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-25 15:15 - 2015-02-09 20:51 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-25 15:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-25 14:48 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-05-25 14:41 - 2015-02-09 20:51 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-25 14:41 - 2015-02-09 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-25 14:41 - 2015-02-09 20:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-25 14:39 - 2015-04-12 10:38 - 00021869 _____ () C:\Windows\system32\DICoInst64.log 2015-05-25 14:39 - 2015-02-02 16:30 - 00690628 _____ () C:\Windows\avmfwlanci.log 2015-05-25 14:39 - 2015-02-01 19:07 - 01470831 _____ () C:\Windows\WindowsUpdate.log 2015-05-25 14:38 - 2015-02-09 20:44 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-25 14:38 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-25 14:37 - 2015-04-12 10:38 
- 00131214 _____ () C:\Windows\system32\DICoInst64.bak 2015-05-25 14:35 - 2015-02-10 17:26 - 00000000 ___DO () C:\Users\Michael\SkyDrive 2015-05-25 14:33 - 2013-08-22 16:46 - 00028945 _____ () C:\Windows\setupact.log 2015-05-25 14:32 - 2015-02-01 19:07 - 00000000 ____D () C:\Users\Michael 2015-05-25 14:32 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-05-24 16:57 - 2015-02-02 16:23 - 00000000 ____D () C:\Windows\Minidump 2015-05-24 16:44 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-24 16:44 - 2015-02-01 19:02 - 00029892 _____ () C:\Windows\PFRO.log 2015-05-24 13:35 - 2015-02-09 20:44 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00089944 _____ (Avast Software s.r.o.) 
C:\Windows\system32\Drivers\aswMonFlt.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-05-24 13:35 - 2015-02-09 20:44 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-05-23 15:47 - 2015-02-02 14:54 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-23 15:47 - 2013-08-23 01:24 - 00764340 _____ () C:\Windows\system32\perfh007.dat 2015-05-23 15:47 - 2013-08-23 01:24 - 00159160 _____ () C:\Windows\system32\perfc007.dat 2015-05-23 15:27 - 2015-02-09 20:48 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-05-20 21:48 - 2015-02-16 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-19 15:56 - 2015-02-09 20:44 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-09 20:21 - 2015-02-09 21:49 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-09 20:21 - 2015-02-09 21:49 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-29 22:05 - 2015-04-02 17:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\dvdcss 2015-04-29 22:05 - 2015-02-03 20:10 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc 2015-04-28 17:57 - 2015-02-10 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-04-28 10:19 - 2015-04-13 18:48 - 00000000 ___RD () C:\Users\Michael\OneDrive (3).old 2015-04-28 10:11 - 2015-02-17 18:28 - 00003786 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-28 10:11 - 2015-02-17 18:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-25 17:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness ==================== Files in the root of some directories ======= 2015-04-25 21:28 - 2015-04-26 01:25 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND 2015-03-31 20:37 - 2015-03-31 20:37 - 0000218 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2015-02-09 21:25 - 2015-03-03 14:31 - 0007627 _____ () 
C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\GLF255D.tmp.exe
C:\Users\Michael\AppData\Local\Temp\GLF9770.tmp.exe
C:\Users\Michael\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Michael\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-10 21:36

==================== End of log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 Ran by Michael at 2015-05-25 15:20:07 Running from C:\Users\Michael\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2705135437-1520576403-3312034090-500 - Administrator - Disabled) Gast (S-1-5-21-2705135437-1520576403-3312034090-501 - Limited - Disabled) Michael (S-1-5-21-2705135437-1520576403-3312034090-1001 - Administrator - Enabled) => C:\Users\Michael ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.8.5.1165 - Steinberg Media Technologies GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) 
Hidden Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - ) IPCWebComponents 3.0.0.2 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.2 - ) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla) Mozilla Thunderbird 31.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.6.0 (x86 de)) (Version: 31.6.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation) NVIDIA MediaShield (HKLM-x32\...\{CC452A50-5C87-4A1F-B295-445C3C69BF7D}) (Version: 11.1.0.43 - NVIDIA Corporation) OpenVPN 2.3.6-I001 (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - ) Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd) RollerCoaster Tycoon (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version: - ) Skype™ 7.2 
(HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6260 - Analog Devices) Steinberg Cubase LE 5 (HKLM-x32\...\{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}) (Version: 5.1.2 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Essential Set (HKLM-x32\...\{C04D5974-F528-4347-A494-EAF56124CC1A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.64.3 - ) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Touchpad Server (HKLM-x32\...\Touchpad Server_is1) (Version: 1.3 - Things & Stuff) US800 Audio Driver (HKLM-x32\...\US800 Audio Driver Setup) (Version: - ) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 23-03-2015 12:10:07 Geplanter Prüfpunkt 30-03-2015 12:46:47 Geplanter Prüfpunkt 10-04-2015 21:36:18 Windows Update 12-04-2015 10:47:21 Windows Modules Installer 09-05-2015 20:17:54 Windows Update 24-05-2015 13:33:58 avast! antivirus system restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {091CCA98-CFD0-4668-816F-FDE30641D621} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {1588799C-4460-41C0-AA69-FF77F32E3381} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-28] (Adobe Systems Incorporated) Task: {25D3BFD7-0A4F-4BC6-B291-8B1C18A4D77B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.) Task: {44E0C120-F662-4486-92FE-F3E65B0819F1} - System32\Tasks\{F11BBD6E-B477-4B35-95EE-89F16075F125} => pcalua.exe -a E:\S3\Autorun.exe -d E:\ Task: {5AE49BDE-A780-4138-9F2D-7E9A0F4EA6C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09] (Google Inc.) Task: {5BFFBCE8-BED4-46D8-9116-9FCAC4414459} - System32\Tasks\MalwareScan => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2015-04-14] (Malwarebytes Corporation) Task: {7BFBE983-69DD-4525-8DE1-26DBAFFB4B65} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-09] (Microsoft Corporation) Task: {8CCEC2F7-8D00-4D80-99D1-C94B977D5B9F} - System32\Tasks\{74D79551-C8A4-4047-B788-89735DC425A5} => pcalua.exe -a "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64\AsusSetup.exe" -d "F:\Laptop SWAP\Downloads\SilI3132_SATA_V10120_Vista64bit\Sata_vista64bit\Driver\Amd64" Task: {9767B787-CE1C-4A13-B1BD-B7A19AC736A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {B0D8A2D7-7D68-456A-9761-E462073237E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-24] (Avast Software s.r.o.) 
Task: {BA1C29FA-CAB8-462C-BAA0-7A5C76D6755C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {BE3560FE-A816-4757-B5FF-17E0EA6B513A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {FD2FE855-B9A4-4264-AB1C-3AF23779B4D4} - \Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0917eff72797b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2015-05-24 13:35 - 2015-05-24 13:35 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-24 13:35 - 2015-05-24 13:35 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-05-25 10:16 - 2015-05-25 10:16 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052500\algo.dll 2015-05-24 13:35 - 2015-05-24 13:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Users\Michael\OneDrive:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (2).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (3).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (4).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (5).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive (6).old:ms-properties AlternateDataStreams: C:\Users\Michael\OneDrive.old:ms-properties AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties AlternateDataStreams: C:\Users\Michael\SkyDrive.old:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: MozillaMaintenance => 3 HKLM\...\StartupApproved\Run32: => "AVMWlanClient" HKU\S-1-5-21-2705135437-1520576403-3312034090-1001\...\StartupApproved\StartupFolder: => "Touchpad Server.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [TCP Query User{AAB8A8D3-CA72-49D4-8E20-B5F79820D6DF}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [UDP Query User{7ACB1CC4-9D9A-4196-96E9-3BB7ADEFF15C}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [TCP Query User{8F792302-9964-4FD1-8689-8C96C290C6DD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [UDP Query User{9939554D-8E8F-416F-8E27-EE7ECAC23FAD}C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe] => (Allow) C:\program files (x86)\things & stuff\touchpad server\touchpadserver.exe FirewallRules: [{F930095C-CF05-4655-B911-28714319CEFD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F5C5F221-2B1B-4D2D-9A7F-32373DFD30FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{EACDBECC-7E95-402B-AADF-13C3FAD92F11}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B7D48A1B-2CA4-42EF-9DA7-7227A4759BDF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{4E89C4D8-799E-4F08-A0C6-8D49E16BC966}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D179C17E-73EA-4CC1-B480-08B9F98E175B}C:\program files (x86)\mozilla 
firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{14D4C7D2-5D15-4E49-9AFD-EB236DC9D5F3}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe FirewallRules: [UDP Query User{C77E243B-4DFC-47F3-BB1E-B41D9FA1C02C}C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe] => (Allow) C:\program files (x86)\steinberg\cubase le 5\cubase le 5.exe FirewallRules: [{7FCB0EF7-2955-4FC1-99F2-C07B347486EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{02529297-DEBE-47C9-9557-9A77700C18C5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{A48FF7B7-0BFF-4A5E-9705-0C09E060B355}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2015 03:20:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:20:03Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:19:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:19:33Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:19:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:19:03Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:18:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:18:33Z. Fehlercode: 0x80040154. 
Error: (05/25/2015 03:18:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:18:03Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:17:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:17:33Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:17:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:17:03Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:16:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:16:33Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:16:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:16:03Z. Fehlercode: 0x80040154. Error: (05/25/2015 03:15:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-05-01T13:15:32Z. Fehlercode: 0x80040154. System errors: ============= Error: (05/25/2015 03:08:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2015 03:08:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (05/25/2015 03:08:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2015 03:08:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/25/2015 03:08:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (05/25/2015 02:42:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Computerbrowser" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (05/25/2015 02:39:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Microsoft Office: ========================= Error: (05/25/2015 03:20:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:20:03Z Error: (05/25/2015 03:19:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:19:33Z Error: (05/25/2015 03:19:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:19:03Z Error: (05/25/2015 03:18:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:18:33Z Error: (05/25/2015 03:18:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:18:03Z Error: (05/25/2015 03:17:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:17:33Z Error: (05/25/2015 03:17:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:17:03Z Error: (05/25/2015 03:16:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:16:33Z Error: (05/25/2015 03:16:03 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800401542115-05-01T13:16:03Z Error: (05/25/2015 03:15:33 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) 
Description: 0x800401542115-05-01T13:15:32Z

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 4094.55 MB
Available physical RAM: 2771.8 MB
Total Pagefile: 8190.55 MB
Available Pagefile: 6745.61 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.02 GB) (Free:32.04 GB) NTFS
Drive d: () (Fixed) (Total:698.63 GB) (Free:256.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: E19F6F61)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.8 GB) - (Type=82)
Partition 4: (Not Active) - (Size=76.9 GB) - (Type=83)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End of log ============================
25.05.2015, 18:16 | #25
Telekom Brief Zeus/Zbot

Laptop2 logs:

adwcleaner:
Code:
# AdwCleaner v4.205 - Bericht erstellt 25/05/2015 um 15:40:00
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-24.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Doppel D - DEISSLER
# Gestarted von : C:\Users\Doppel D\Desktop\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player
Ordner Gelöscht : C:\Program Files (x86)\MP4 Player
Ordner Gelöscht : C:\Users\Doppel D\AppData\Local\pokki
Ordner Gelöscht : C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Directory\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\Drive\shell\pokki
Schlüssel Gelöscht : HKCU\Software\Classes\lnkfile\shell\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [MP4 Player]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MP4 Player

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v38.0.1 (x86 de)

*************************

AdwCleaner[R0].txt - [2215 Bytes] - [25/05/2015 15:37:36]
AdwCleaner[S0].txt - [1945 Bytes] - [25/05/2015 15:40:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2004 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 25.05.2015
Suchlauf-Zeit: 15:50:31
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.25.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Doppel D

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 362179
Verstrichene Zeit: 30 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.9 (05.24.2015:1)
OS: Windows 8.1 x64
Ran by Doppel D on 25.05.2015 at 16:23:17,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-1002
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1725350855-1927001909-1276192757-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2419188506-2927848148-1747214967-500
Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3406063620-4120487836-2621466698-500

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Users\Doppel D\appdata\local\crashrpt

~~~ FireFox

Emptied folder: C:\Users\Doppel D\AppData\Roaming\mozilla\firefox\profiles\p3h9gu7x.default\minidumps [5 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2015 at 16:26:21,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 05/25/2015 04:29:11 PM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Doppel D\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Doppel D\Desktop\
Searching C:\Users\Public\Desktop\

0 bad shortcuts found.

Program finished at: 05/25/2015 04:29:15 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 Ran by Doppel D (administrator) on DEISSLER on 25-05-2015 16:29:47 Running from C:\Users\Doppel D\Desktop Loaded Profiles: Doppel D & (Available Profiles: Doppel D) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Juniper Networks, Inc.) 
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-04-22] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-10-06] (Juniper Networks, Inc.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [552960 2009-02-27] () HKLM-x32\...\Run: [3170 Scan2PC] => C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe [503808 2009-01-30] () HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.) HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1718536 2014-07-24] (CyberLink Corp.) Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-20] ShortcutTarget: Dropbox.lnk -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar374.lnk [2015-05-25] ShortcutTarget: Sidebar374.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/4 HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/4 SearchScopes: HKLM -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: 
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8773227C-0654-4ED7-9FAA-408D4FA95AAA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-06] (Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) 
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-06] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{18EF1542-630C-4621-A51B-04F11DFE9BD4}: [NameServer] 129.13.64.5,129.13.96.2 FireFox: ======== FF ProfilePath: C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default FF Homepage: hxxp://www.bvb.de/News/Uebersicht/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-17] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-06] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-06] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF Extension: Avira Browser Safety - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\abs@avira.com [2015-04-28] FF Extension: Adblock Plus - C:\Users\Doppel D\AppData\Roaming\Mozilla\Firefox\Profiles\p3h9gu7x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-08] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-01-19] FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-02-11] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-06] (Advanced Micro Devices, Inc.) [] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation) R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.) R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-05] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent) S2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.) R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel(R) Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [94720 2014-09-27] (Softex Inc.) [] S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-10] (Realtek Semiconductor) S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-22] (Synaptics Incorporated) S2 Texis Monitor; C:\SIMULIA\Documentation\monitor.exe [4493312 2011-12-13] (Expansion Programs International, Inc.) 
[] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-20] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-04] (Avira Operations GmbH & Co. KG) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-10-22] (Samsung Electronics) R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-08-20] (Juniper Networks) S4 jnprTdi_807_50111; C:\Windows\system32\Drivers\jnprTdi_807_50111.sys [108344 2014-10-06] (Juniper Networks, Inc.) S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-08-20] (Juniper Networks, Inc.) R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-08-20] (Juniper Networks, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)
R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2015-02-11] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2014-04-22] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 GENERICDRV; \??\C:\swsetup\sp70137\amifldrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-25 16:29 - 2015-05-25 16:30 - 00021685 _____ () C:\Users\Doppel D\Desktop\FRST.txt 2015-05-25 16:29 - 2015-05-25 16:29 - 00001842 _____ () C:\Users\Doppel D\Desktop\sc-cleaner.txt 2015-05-25 16:28 - 2015-05-25 16:28 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Doppel D\Desktop\sc-cleaner.exe 2015-05-25 16:26 - 2015-05-25 16:26 - 00001474 _____ () C:\Users\Doppel D\Desktop\JRT.txt 2015-05-25 16:23 - 2015-05-25 16:23 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DEISSLER-Windows-8.1-(64-bit).dat 2015-05-25 16:23 - 2015-05-25 16:23 - 00000000 ____D () C:\RegBackup 2015-05-25 16:22 - 2015-05-25 16:22 - 02945770 _____ (Thisisu) C:\Users\Doppel D\Downloads\JRT(1).exe 2015-05-25 16:21 - 2015-05-25 16:21 - 00001197 _____ () C:\Users\Doppel D\Desktop\mbam.txt 2015-05-25 16:05 - 2015-05-25 16:05 - 02945770 _____ (Thisisu) C:\Users\Doppel D\Desktop\JRT.exe 2015-05-25 15:47 - 2015-05-25 15:47 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-25 15:45 - 2015-05-25 15:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Doppel D\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-25 15:44 - 2015-05-25 15:44 - 00002084 _____ () C:\Users\Doppel D\Desktop\AdwCleaner[S0].txt 2015-05-25 15:37 - 2015-05-25 15:41 - 00000000 ____D () C:\AdwCleaner 2015-05-25 15:36 - 2015-05-25 15:36 - 02222592 _____ () C:\Users\Doppel D\Desktop\AdwCleaner_4.205.exe 2015-05-25 09:56 - 2015-05-25 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-25 09:54 - 2015-05-25 15:36 - 00000000 ____D () C:\Users\Doppel D\Desktop\mbar 2015-05-25 09:53 - 2015-05-25 09:53 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Doppel D\Downloads\mbar-1.09.1.1004.exe 2015-05-25 09:53 - 2015-05-25 09:53 - 16502728 _____ (Malwarebytes Corp.) 
C:\Users\Doppel D\Desktop\mbar-1.09.1.1004.exe 2015-05-25 08:13 - 2015-05-25 08:13 - 00461597 _____ () C:\Users\Doppel D\Downloads\Daten#bersicht 2015-05-24 13:58 - 2015-05-25 16:29 - 00000000 ____D () C:\FRST 2015-05-24 13:48 - 2015-05-24 13:48 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Doppel D\Desktop\tdsskiller.exe 2015-05-24 13:47 - 2015-05-24 13:47 - 02108416 _____ (Farbar) C:\Users\Doppel D\Desktop\FRST64.exe 2015-05-23 16:05 - 2015-05-23 16:22 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-05-22 14:23 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2015-05-22 14:23 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2015-05-22 14:23 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2015-05-22 14:23 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll 2015-05-22 14:23 - 2015-04-09 00:07 - 00410336 _____ () C:\Windows\system32\ApnDatabase.xml 2015-05-22 14:23 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2015-05-22 14:23 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2015-05-22 14:23 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2015-05-22 14:23 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2015-05-22 14:23 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2015-05-22 14:23 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2015-05-22 14:23 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2015-05-22 14:23 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2015-05-22 14:23 - 2015-04-01 05:17 - 00903168 _____ 
(Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2015-05-22 14:23 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2015-05-22 14:23 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2015-05-22 14:23 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2015-05-22 14:23 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2015-05-22 14:23 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2015-05-22 14:23 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2015-05-22 14:23 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll 2015-05-22 14:23 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2015-05-22 14:23 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll 2015-05-22 14:23 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2015-05-22 14:23 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll 2015-05-22 14:23 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll 2015-05-22 14:22 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll 2015-05-22 14:22 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll 2015-05-20 15:41 - 2015-05-21 20:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\PDF Writer 2015-05-18 19:27 - 2015-05-18 19:27 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\PDF Writer 2015-05-18 19:25 - 2015-05-18 19:26 - 00000000 ____D () C:\ProgramData\PDF Writer 2015-05-18 19:25 - 
2015-05-18 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-PDF 2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\Common Files\7-PDF 2015-05-18 19:25 - 2015-05-18 19:25 - 00000000 ____D () C:\Program Files\7-PDF 2015-05-18 19:25 - 2015-05-04 11:33 - 06967260 ____N (7-PDF, Germany - Th. Hodes ) C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.exe 2015-05-18 19:25 - 2014-11-19 17:38 - 00228352 _____ (Bullzip) C:\Windows\SysWOW64\bzFlRdr.dll 2015-05-18 19:25 - 2013-09-01 13:59 - 01103872 _____ () C:\Windows\SysWOW64\CBLCtlsU.ocx 2015-05-18 19:25 - 2013-07-13 13:15 - 00805376 _____ () C:\Windows\SysWOW64\EditCtlsU.ocx 2015-05-18 19:25 - 2013-07-12 23:57 - 00539648 _____ () C:\Windows\SysWOW64\LblCtlsU.ocx 2015-05-18 19:25 - 2013-04-05 14:55 - 00476160 _____ () C:\Windows\SysWOW64\TabStripCtlU.ocx 2015-05-18 19:25 - 2013-03-29 00:13 - 00645632 _____ () C:\Windows\SysWOW64\BtnCtlsU.ocx 2015-05-18 19:25 - 2013-03-03 15:37 - 01061888 _____ () C:\Windows\SysWOW64\ExLvwU.ocx 2015-05-18 19:25 - 2008-07-09 17:38 - 00103424 _____ (Bullzip) C:\Windows\SysWOW64\bzDCT.dll 2015-05-18 19:25 - 1999-05-07 01:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.OCX 2015-05-18 19:24 - 2015-05-18 19:24 - 06889574 _____ () C:\Users\Doppel D\Downloads\Setup_7PDF_10_11_0_2342_FREE.zip 2015-05-18 17:17 - 2015-05-21 07:33 - 00000000 ____D () C:\Program Files\paint.net 2015-05-18 17:17 - 2015-05-18 17:19 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\paint.net 2015-05-18 17:16 - 2015-05-18 17:16 - 06528454 _____ () C:\Users\Doppel D\Downloads\paint.net.4.0.5.install.zip 2015-05-18 17:10 - 2015-05-18 17:10 - 01203488 _____ () C:\Users\Doppel D\Downloads\Paint NET - CHIP-Installer.exe 2015-05-17 08:49 - 2015-05-17 16:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-12 22:20 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) 
C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 22:20 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 22:03 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 22:03 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 22:03 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 22:03 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 22:03 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 22:03 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 22:03 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 22:03 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 22:03 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 22:03 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 22:03 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-05-12 22:03 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 22:03 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 22:03 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 22:03 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-05-12 22:03 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 22:03 - 2015-04-21 18:04 - 02278400 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 22:03 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-05-12 22:03 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 22:03 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-05-12 22:03 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 22:03 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 22:03 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 22:03 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 22:03 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 22:03 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 22:03 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-05-12 22:03 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 22:03 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-05-12 22:03 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 22:03 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-05-12 22:03 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 22:03 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 22:03 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 22:03 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 22:03 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 22:03 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 22:03 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 22:03 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 22:03 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 22:03 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 22:03 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 22:03 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 22:03 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 22:03 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 22:03 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 22:03 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-05-12 22:03 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 22:03 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-12 22:03 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-12 09:51 - 2015-05-12 09:51 - 00776278 _____ () C:\Users\Doppel D\Downloads\Semcon Standort Sindelfingen Anfahrtsskizze.pptx 2015-05-07 13:25 - 2015-05-07 13:25 - 00000000 ____D () C:\Users\Doppel D\Downloads\Windows 8.1 (multiple editions) (x86) - DVD (German) 2015-05-07 11:45 - 2015-05-07 13:25 - 00010759 _____ () 
C:\Users\Doppel D\Downloads\SecureDownloadManager.log 2015-05-07 11:45 - 2015-05-07 11:45 - 00000184 _____ () C:\Users\Doppel D\Downloads\100381076748.sdx 2015-05-07 11:44 - 2015-05-07 11:44 - 00720384 _____ () C:\Users\Doppel D\Downloads\SDM_DE.msi 2015-05-07 08:18 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-05-07 08:18 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-05-05 15:28 - 2015-05-05 15:28 - 00000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini 2015-05-05 15:27 - 2015-05-05 15:27 - 01203488 _____ () C:\Users\Doppel D\Downloads\MP4 Player - CHIP-Installer.exe 2015-05-04 08:27 - 2015-05-04 08:28 - 00000000 ____D () C:\Users\Doppel D\Desktop\skripte 2015-05-01 19:48 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2015-05-01 19:48 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-05-01 19:48 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2015-05-01 19:48 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-05-01 19:48 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-01 19:48 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-01 19:47 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-25 16:27 - 2015-03-08 12:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-25 16:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru 2015-05-25 16:00 - 2015-01-19 12:45 - 02033882 _____ () C:\Windows\WindowsUpdate.log 2015-05-25 15:48 - 2014-05-01 00:10 - 00800954 _____ () C:\Windows\system32\perfh007.dat 2015-05-25 15:48 - 2014-05-01 00:10 - 00174458 _____ () C:\Windows\system32\perfc007.dat 2015-05-25 15:48 - 2014-03-18 11:53 - 01921090 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-25 15:47 - 2015-03-08 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-25 15:47 - 2015-03-08 12:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-25 15:46 - 2015-01-20 08:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-25 15:46 - 2015-01-19 12:53 - 00000000 ____D () C:\Users\Doppel D\Documents\Youcam 2015-05-25 15:45 - 2015-01-20 10:53 - 00000000 ___RD () C:\Users\Doppel D\Dropbox 2015-05-25 15:44 - 2015-01-20 10:49 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Dropbox 2015-05-25 15:42 - 2013-08-22 16:46 - 00053392 _____ () C:\Windows\setupact.log 2015-05-25 15:42 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-25 15:41 - 2014-08-05 21:39 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2015-05-25 08:35 - 2015-01-19 16:22 - 00000000 ____D () C:\Users\Doppel D\Documents\Bewerbung Job 2015-05-25 07:55 - 2015-01-21 21:44 - 00313344 ___SH () C:\Users\Doppel D\Desktop\Thumbs.db 2015-05-24 21:15 - 2015-03-17 11:17 - 00000362 _____ () C:\Windows\Tasks\HPCeeScheduleForDoppel D.job 2015-05-24 18:38 - 2015-03-31 20:21 - 00005148 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler 2015-05-24 18:29 - 2015-01-19 13:16 - 00002326 _____ () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\PC App Store.lnk 2015-05-24 13:28 - 2015-01-19 16:34 - 00000000 ___RD () C:\Users\Doppel D\Desktop\Programme 2015-05-23 07:47 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-23 07:45 - 2015-04-01 09:22 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-23 07:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-05-23 07:27 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData 2015-05-23 07:22 - 2015-01-19 13:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-23 07:22 - 2014-03-18 11:44 - 00373540 _____ () C:\Windows\PFRO.log 2015-05-22 20:26 - 2015-01-23 22:12 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\vlc 2015-05-22 14:19 - 2015-02-10 22:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-05-22 08:42 - 2015-02-14 16:50 - 00000000 ____D () C:\Temp 2015-05-21 07:34 - 2015-01-20 15:31 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\CrashDumps 2015-05-19 07:51 - 2015-03-21 15:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-05-17 20:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-05-17 17:59 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache 2015-05-17 17:02 - 2015-01-19 14:24 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Adobe 2015-05-17 16:59 - 2015-01-20 08:32 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-05-17 16:59 - 2014-08-05 21:57 - 00000000 ____D () C:\ProgramData\McAfee 2015-05-17 11:18 - 2015-01-19 13:57 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-13 08:00 - 2013-08-22 16:44 - 00521792 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-13 07:58 - 2015-01-28 10:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 
2015-05-12 22:21 - 2015-01-25 14:51 - 00000039 _____ () C:\Windows\vbaddin.ini 2015-05-12 22:21 - 2015-01-25 14:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-12 22:20 - 2015-01-22 18:38 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-12 22:14 - 2015-01-22 18:38 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-12 22:10 - 2015-01-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 22:07 - 2014-03-18 11:38 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-12 21:15 - 2015-03-17 11:17 - 00003182 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDoppel D 2015-05-11 15:28 - 2015-01-19 14:35 - 00010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml 2015-05-09 10:17 - 2015-01-19 12:50 - 00000000 ____D () C:\Users\Doppel D\AppData\Local\Packages 2015-05-09 08:46 - 2015-01-20 10:51 - 00000000 ____D () C:\Users\Doppel D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-05-08 08:27 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-05-06 09:14 - 2015-03-21 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-05-05 19:59 - 2015-01-22 21:40 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-05-05 19:59 - 2015-01-22 21:40 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-05-05 11:15 - 2015-02-15 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-05 11:14 - 2015-02-15 17:28 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-05 11:14 - 2015-02-15 17:28 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-04-30 13:10 - 2014-08-05 21:47 - 00000000 ____D () C:\ProgramData\CyberLink 2015-04-30 12:06 - 2015-01-19 14:08 - 00002244 ____H () C:\Users\Doppel D\Documents\Default.rdp 2015-04-28 09:48 - 2015-01-19 13:22 - 00000000 ____D () C:\Users\Doppel D\Documents\WG 2015-04-27 12:30 - 2015-01-19 15:34 - 00000000 ____D () C:\Users\Doppel D\Documents\Citavi 4 ==================== Files in the root of some directories ======= 2015-01-19 14:35 - 2015-05-11 15:28 - 0010848 _____ () C:\Users\Doppel D\AppData\Roaming\SmarThruOptions.xml 2015-05-05 15:28 - 2015-05-05 15:28 - 0000036 ____H () C:\Users\Doppel D\AppData\Roaming\swk.ini 2015-04-24 16:19 - 2015-04-24 16:19 - 0002342 _____ () C:\Users\Doppel D\AppData\Local\recently-used.xbel 2015-02-03 21:35 - 2015-02-03 21:35 - 0007606 _____ () C:\Users\Doppel D\AppData\Local\Resmon.ResmonCfg Some files in TEMP: ==================== C:\Users\Doppel D\AppData\Local\Temp\avgnt.exe C:\Users\Doppel D\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpouh455.dll C:\Users\Doppel D\AppData\Local\Temp\Extract.exe C:\Users\Doppel D\AppData\Local\Temp\i4jdel0.exe C:\Users\Doppel D\AppData\Local\Temp\Intel_Technology_Access_Software.exe C:\Users\Doppel D\AppData\Local\Temp\mccspuninstall.exe C:\Users\Doppel D\AppData\Local\Temp\oct2574.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\oct32CD.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\oct3428.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\oct525A.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\oct5BA0.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\oct7CDF.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\octA187.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\octA561.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\octB3AC.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\octC461.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\octC9B2.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\octEB09.tmp.exe C:\Users\Doppel D\AppData\Local\Temp\Quarantine.exe 
C:\Users\Doppel D\AppData\Local\Temp\scipy-0.14.0-sse3.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67280.exe
C:\Users\Doppel D\AppData\Local\Temp\SP67743.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69229.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69393.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69401.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69404.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69411.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69555.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69559.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69718.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69738.exe
C:\Users\Doppel D\AppData\Local\Temp\SP69846.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70137.exe
C:\Users\Doppel D\AppData\Local\Temp\SP70439.exe
C:\Users\Doppel D\AppData\Local\Temp\sqlite3.dll
C:\Users\Doppel D\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-18 18:31

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015
Ran by Doppel D at 2015-05-25 16:30:52
Running from C:\Users\Doppel D\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1312067100-3160384092-1139304428-500 - Administrator - Disabled)
Doppel D (S-1-5-21-1312067100-3160384092-1139304428-1002 - Administrator - Enabled) => C:\Users\Doppel D
Gast (S-1-5-21-1312067100-3160384092-1139304428-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1312067100-3160384092-1139304428-1004 - Limited - Enabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-PDF Printer 10.11.0.2342 (HKLM\...\7-PDF Printer_is1) (Version: 10.11.0.2342 - 7-PDF, Germany - Th. Hodes)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
Abaqus 6.13 Documentation (HKLM-x32\...\Abaqus 6.13 Documentation) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Abaqus 6.13-5 (HKLM-x32\...\Abaqus 6.13-5) (Version: 6.13.0.0 - Dassault Systemes Simulia Corp.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software) Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.) Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) 
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3906 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.) DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Dragon Notes de-DE (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF07-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.) Dropbox (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Dropbox (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.) 
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.27 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inkscape 0.91 (HKLM-x32\...\Inkscape) (Version: 0.91 - ) Inst5675 (Version: 8.01.27 - Softex Inc.) Hidden Inst5676 (Version: 8.01.27 - Softex Inc.) 
Hidden Intel(R) Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Juniper Networks Setup Client (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.7.50111 - Juniper Networks) Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Junos Pulse (Version: 5.0.50111 - Ihr Firmenname) Hidden Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.50111 - Juniper Networks, Inc.) 
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla) Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) OEM 
Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Ihr Firmenname) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Python 2.7 scipy-0.14.0 (HKLM-x32\...\scipy-py2.7) (Version: - ) Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - ) REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.) 
Samsung CLX-3170 Series (HKLM-x32\...\Samsung CLX-3170 Series) (Version: - Samsung Electronics CO.,LTD) Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft) SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - ) SmarThru PC Fax (HKLM-x32\...\SmarThru PC Fax) (Version: - ) Startfenster (HKLM-x32\...\Startfenster) (Version: - Startfenster) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated) TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team) Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden WildTangent Games App für HP (x32 Version: 4.0.11.2 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) yEd Graph Editor 3.14 (HKLM\...\3309-7404-0599-8908) (Version: 3.14 - yWorks GmbH) Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1312067100-3160384092-1139304428-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-05-2015 17:42:42 Geplanter Prüfpunkt 21-05-2015 07:32:36 Removed paint.net ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-02-16 09:52 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0990C75E-EEE2-4B86-8272-EDA7079CE817} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {1123A072-1BCD-4AF2-BBF1-37CC14219C22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {203E25B3-175E-49CA-9428-7142B4325EB0} - \Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-1002 No Task File <==== ATTENTION Task: {2B55C425-F3A3-41D4-BDDB-323B0B29D0CC} - System32\Tasks\HPCeeScheduleForDoppel D => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3B4E5D9E-FB40-4851-B770-7CC81249BC24} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2014-09-27] (Hewlett-Packard) Task: {3CA217AF-8BE5-4D18-A55D-E34AB3AA7B15} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2014-09-27] (Hewlett-Packard) Task: 
{40A1ECC5-6AC6-4B58-B6EF-FC7F95D49975} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.) Task: {4A8E0D25-B728-4D11-9C3B-D5677A58D476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {5745C80F-E79B-4527-A735-677C3C95D324} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {5E33AB4F-A509-457D-9105-F165B3A35099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {6AE3F81E-FF5D-4FB3-947E-E47F26664DD7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.) 
Task: {7552A293-1545-495B-BB57-6BAF739F41CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {80A420C9-4AA9-4506-9EE0-B0C0A8A71CA6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Deissler-Doppel D Deissler => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-06] (Microsoft Corporation) Task: {872EEC8A-4540-4C84-A5E2-BB507ED799BA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: {87FD31D7-ADC0-4FD4-9C9A-24A08D998A9E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {895DE694-D487-47FB-B416-4A012ACB2F76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated) Task: {946D500B-08CE-4039-8D57-4B35C8894C1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {A4F6685F-D842-4381-BA79-ACE13CFE0211} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2014-09-27] (Hewlett-Packard) Task: {B0D271CB-EFB6-43F3-A39F-1DEC597FD215} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation) Task: {C2F0E930-53DD-4D5F-9881-79994912ADBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-06] (Microsoft Corporation) Task: {C698FEA9-4053-437F-9E22-D26EFA73F12A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard) Task: {C9300309-2256-41D0-B6A6-FB723A098A52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation) Task: {D28A0CE1-FFFA-42CD-8934-BCBEAC933A74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {D3045CA2-FE90-4C31-B9DB-7B062034F6B9} - \Optimize Start Menu Cache Files-S-1-5-21-1312067100-3160384092-1139304428-500 No Task File <==== ATTENTION Task: {E32BAE91-F6ED-4A31-A84B-3BEF3F188CF2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-06-09] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\HPCeeScheduleForDoppel D.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-17 14:43 - 2015-03-17 14:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll 2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\cpprest120_1_4.dll 2015-03-17 15:15 - 2015-03-17 15:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll 2015-03-21 15:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-01-19 14:34 - 2007-12-27 17:44 - 00082432 _____ () C:\Windows\System32\SamFaxPort64.dll 2015-01-19 14:31 - 2007-08-14 03:03 - 00022016 _____ () C:\Windows\System32\sst1cl6.dll 2014-08-05 22:02 - 2013-02-01 11:16 - 00387984 _____ () 
C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll 2014-08-05 22:02 - 2013-02-01 11:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll 2014-08-05 22:02 - 2013-02-01 11:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll 2014-08-05 22:02 - 2013-02-01 11:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll 2014-08-05 22:02 - 2013-02-01 11:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll 2014-08-05 22:02 - 2013-02-01 11:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll 2014-08-05 22:02 - 2013-02-01 11:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1312067100-3160384092-1139304428-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg HKU\S-1-5-21-1312067100-3160384092-1139304428-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{16AD78DD-65F2-47F6-8CDF-CAF8D355BB32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D98FA805-30BC-47AA-90C8-4F6D608AA674}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{070CB099-7A71-44FC-8410-7062B6F7E165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{90CB1EC0-7D89-402F-8372-A4399B92751A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1742ECAD-D58F-43A2-A3AD-DA7A6E47458F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{27B451F7-8A22-4418-8BF0-12082A446104}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{75F4BDB8-2A9E-4903-9BD7-155A8A99C88A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6E779D34-D883-4059-8D0A-1480CF531C17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E61C5AA0-59F0-4F7E-A1CB-01FA24E98745}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe FirewallRules: [{A170C4FD-9AD1-44FC-A0BB-12074CA67675}] => (Allow) C:\Windows\twain_32\Samsung\ScanMgr.exe FirewallRules: [{B066D0F2-9EED-4981-9FD3-8DFA25BBE09F}] => (Allow) 
C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe FirewallRules: [{5395966C-550B-4A1D-8650-7197EB973A6D}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe FirewallRules: [{022A1CF6-4E7C-4283-95F3-4D065580586C}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe FirewallRules: [{8F619BAA-F9A6-4549-9978-43E3888AEF69}] => (Allow) C:\Windows\twain_32\Samsung\CLX3170\Sscan2io.exe FirewallRules: [{09ACE5EA-0B83-43A5-83AF-6A981068FBCE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{842FBF91-D0DE-4479-9C11-E68C9E4868CE}] => (Allow) C:\Users\Doppel D\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{D0E8A705-1DAB-41D4-9947-25B624AF5747}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{942348C0-30B5-4CDD-B691-48940D5B9B90}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{169D1166-8C45-4F70-ACC9-85750662CA30}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{A161EE38-2B21-4162-BF14-17DC9803882A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{4A971199-06BA-4E38-B49D-C8D6B054ECA9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{5D6A08F9-926F-4CDC-9641-9D0307D6F56E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{DC48C7CC-8C7C-4184-88AB-965555AD6D42}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe FirewallRules: [TCP Query User{C34CD7B8-CCA8-4B1F-BC60-E7BFB9C4D642}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{73FB4A7A-346F-490B-9591-722E1BBAE5F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query 
User{B3540C81-C0CD-4F4B-8087-9D36FD30D1D3}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5D7F82B1-2281-4C83-A276-BF776EC41961}C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\doppel d\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{328C5761-B521-4747-93ED-7EFBDAAD7B5C}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [UDP Query User{F02E9BE4-F2B9-4060-866C-C2A7E507E975}C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe] => (Allow) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{4226FA3C-C310-4DD6-994F-54F5F87F903E}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{9783FEBE-D1EB-48F1-AFA4-6885C888B7ED}] => (Block) C:\simulia\abaqus\6.13-5\code\bin\abqcaek.exe
FirewallRules: [{D5CFF259-6A4B-46A0-AF54-01A77DB1F732}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{EB2897EE-AB63-4D50-88B3-004039E2E740}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{CA588A6D-25BF-4CD6-92E0-4CB978107FCA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{16ABB144-DF68-4171-8412-A290AC6F1CF4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{F9397BE3-58B2-41BE-8753-335D2EBF8B49}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{199F35C6-1460-4C14-9D21-6803BFAA2260}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{5838AB6F-FD65-4111-8A95-28E44BC3A797}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{724F355B-F021-487B-A16B-B76A1D7F689A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 04:20:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (05/25/2015 04:24:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 04:23:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Texis Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SynTPEnh Caller Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HPWMISVC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/25/2015 04:23:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dragon Notes Core" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office:
=========================
Error: (05/25/2015 04:20:04 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16156344

Error: (05/25/2015 03:24:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent
11313

Error: (05/25/2015 10:55:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9641

Error: (05/25/2015 10:55:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

==================== Memory info ===========================

Processor: AMD A10-5745M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 11460.65 MB
Available physical RAM: 9522.88 MB
Total Pagefile: 13188.65 MB
Available Pagefile: 10987.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.06 GB) (Free:728.06 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.43 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CA7DA791)

Partition: GPT Partition Type.

==================== End of log ============================

According to Telekom, the access took place on 18.05.2015 and on 06.05.2015. I have already contacted the Telekom abuse team to ask whether more detailed connection data is available; because of the long weekend, however, I have not received a reply yet.

[EDIT]: I have now received a reply after all. In summary: I was given the hostname of the sinkhole that was accessed (5 times in total, always the same one); unfortunately there was no further information (yet).

Update: I have now received the timestamps of all accesses to the sinkhole from the Telekom abuse team. According to the router log, only an Android device and Laptop2 were on the network at the time of the last access.

Last edited by rootofallevi (25.05.2015 at 16:00)
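Added example (not part of the thread): the check described in the post above, matching the sinkhole timestamps reported by the abuse team against router connection records to see which devices were online at each access. All timestamps, session intervals, the UTC+2 offset and the skew tolerance are constructed assumptions; the thread publishes none of these values.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: the thread publishes neither the sinkhole
# timestamps nor the router log, so every value below is made up.
SINKHOLE_HITS_UTC = ["2015-05-06 17:42:10", "2015-05-18 19:03:55"]
ROUTER_SESSIONS_LOCAL = [  # (device, connected, disconnected), router local time
    ("Laptop2", "2015-05-06 18:00:00", "2015-05-06 23:10:00"),
    ("Desktop", "2015-05-06 19:00:00", "2015-05-06 20:30:00"),
    ("Android", "2015-05-06 08:00:00", "2015-05-06 23:59:00"),
    ("Laptop2", "2015-05-18 20:15:00", "2015-05-18 22:40:00"),
    ("Desktop", "2015-05-18 09:00:00", "2015-05-18 17:45:00"),
    ("Android", "2015-05-18 07:30:00", "2015-05-18 23:50:00"),
]


def devices_online(hit_utc, sessions, utc_offset_h=2, skew_s=120):
    """Devices whose router session covers the hit, allowing for clock skew.

    utc_offset_h converts the report's UTC time to router local time
    (assumed CEST, UTC+2); skew_s tolerates drift between the two clocks.
    """
    hit = datetime.strptime(hit_utc, FMT) + timedelta(hours=utc_offset_h)
    skew = timedelta(seconds=skew_s)
    online = set()
    for device, start, end in sessions:
        first = datetime.strptime(start, FMT) - skew
        last = datetime.strptime(end, FMT) + skew
        if first <= hit <= last:
            online.add(device)
    return online


def suspects(hits_utc, sessions, **kw):
    """Devices that were online at every reported sinkhole hit."""
    per_hit = [devices_online(h, sessions, **kw) for h in hits_utc]
    return set.intersection(*per_hit) if per_hit else set()


if __name__ == "__main__":
    for h in SINKHOLE_HITS_UTC:
        print(h, "UTC ->", sorted(devices_online(h, ROUTER_SESSIONS_LOCAL)))
    print("online at every hit:",
          sorted(suspects(SINKHOLE_HITS_UTC, ROUTER_SESSIONS_LOCAL)))
```

A wrong time-zone assumption shifts every hit by hours and can exclude the infected device, so confirm which zone the abuse report and the router each log in before trusting the result.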
25.05.2015, 20:07 | #26 |
/// TB-Ausbilder | Telekom Brief Zeus/Zbot
Hi, on your computer (Win 8.1):
Let me know when that is done.
25.05.2015, 20:12 | #27 |
/// TB-Ausbilder | Telekom Brief Zeus/Zbot
Hi, on Laptop 2:
26.05.2015, 06:44 | #28 |
| Telekom Brief Zeus/Zbot
Good evening,

Well, we went for something a bit more radical: since a complete reinstall of Windows does the laptop good anyway, we have now done that and restored it to its factory state from an image. The image was on a separate partition and was applied with the HP recovery software from the Windows repair options (repair option in the advanced boot menu).

This "MP4 player" was definitely not trustworthy software and, I suspect, also the source of the infection (it was installed shortly before the first known connection to the sinkhole).

Right after the reset, Avast, MBAM and NoScript were installed. Are there any further tips or options that I have not considered?

Many thanks for your patience and effort.

Desktop (Win 8.1): The AdwCleaner.zip has been uploaded: trojaner-board.de/upload.trojaner-board.de/files/150526-0743_AdwCleaner.zip.zip

Last edited by rootofallevi (26.05.2015 at 07:28)
26.05.2015, 09:17 | #29 |
/// TB-Ausbilder | Telekom Brief Zeus/Zbot
Hi, reinstalling Laptop2 was probably the right decision. Thanks for the upload. Then let's quickly finish off the Windows 8.1 computer:

Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
start
CloseProcesses:
Task: {FD2FE855-B9A4-4264-AB1C-3AF23779B4D4} - \Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 No Task File <==== ATTENTION
EmptyTemp:
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2
ESET Online Scanner

Step 3
Please download SecurityCheck and:

With your next reply, please post
26.05.2015, 16:35 | #30 |
| Telekom Brief Zeus/Zbot
Evening,

The logs from FRST-Fix, ESET and SecurityCheck on the desktop:

FRST-Fix:
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Michael at 2015-05-26 10:59:00 Run:1
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
Task: {FD2FE855-B9A4-4264-AB1C-3AF23779B4D4} - \Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001 No Task File <==== ATTENTION
EmptyTemp:
end
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD2FE855-B9A4-4264-AB1C-3AF23779B4D4}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD2FE855-B9A4-4264-AB1C-3AF23779B4D4}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2705135437-1520576403-3312034090-1001" => key Removed successfully
EmptyTemp: => Removed 968.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 11:00:01 ====

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9d76326dc1110847ba9932a3ab627efd
# engine=24029
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-26 03:12:11
# local_time=2015-05-26 05:12:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 174467 9149283 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6541786 15140714 0 0
# scanned=337503
# found=3
# cleaned=0
# scan_time=10023
sh=33F21111A3F3ECF3426863121BF458A8F19642DB ft=1 fh=77b670141c9fc9d9 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-2705135437-1520576403-3312034090-1001\$R400O5I.exe"
sh=E4EC600C713AC4D250614FFAFD7BFEAE696CB76D ft=1 fh=f20ecac4b55764e3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\$RECYCLE.BIN\S-1-5-21-2705135437-1520576403-3312034090-1001\$RCZOMQQ.exe"
sh=B14E23A2F3238C771E8F047A89BB669A2EA72AA1 ft=1 fh=2cf6de8267e05ae4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Universal USB Installer - CHIP-Installer.exe"

First, the Chip installer: I used it once in the past out of stupidity; these days I always download software directly from the vendor, so this executable was never run on the system. The same goes for the other finds, which are also in the recycle bin. They are software installers that were never run on this system (fortunately, and not on any other system that is still in use either).

Finally, the SecurityCheck log:
Code:
 Results of screen317's Security Check version 1.001
 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Defender
 avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31
 Java 8 Update 40
 Java 8 Update 45
 Adobe Flash Player 17.0.0.188
 Mozilla Firefox (38.0.1)
 Mozilla Thunderbird (31.7.0)
 Google Chrome (43.0.2357.65)
 Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Regards