| |
| |||||||
Log-Analyse und Auswertung: Rootkit in syswow64Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.12.2015, 00:27
| #1 |
| |  Rootkit in syswow64 Hey, AVAST hat einen Rootkit gefunden in der syswow64. Er heisst Win32:Rootki-gen [Rtk]. Anbei logs von GMER und FRST. Könntet ihr da mal drüber schauen, ob das eh alles ok ist? generic rootkit hört sich so an, als könnte das auch nur einfach eine falsch positive Meldung sein: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
durchgeführt von Hans (Administrator) auf LAPTOP (24-12-2015 00:08:10)
Gestartet von C:\Users\Hans\Downloads
Geladene Profile: Hans & UpdatusUser (Verfügbare Profile: Hans & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLE.EXE
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Dropbox, Inc.) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Identive) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
(SCM Microsystems) C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\SCMSOK.exe
() C:\Windows\System32\DnsBlockUpdateSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [MyKey] => C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [3757416 2013-12-02] (Identive)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-22] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-10-06] (Oracle Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [Dropbox Update] => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f39-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f46-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {2f578f54-47a8-11e3-a250-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {8decd099-7cbb-11e2-9583-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {a980f5b3-46e9-11e3-9545-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e64f-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e66c-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {b148e693-bb74-11e0-b66d-002454e7f112} - F:\AutoRun.exe
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\MountPoints2: {c46076b6-471b-11e3-a3f5-002454e7f112} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-22] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2014-09-11]
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk /p \??\F:autocheck autochk *
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FB4F90BB-A333-4E59-B56C-DF8C6275CDC7}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338618843537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338618999537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130929338619155537&GUID=EF97CEA7-7FB9-44C7-2E25-C4BC35DA97F6
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1446569930&z=f54d8c2a8768612cc90c5b0g9z9zfqaw1qctft6cee&from=cvs2&uid=samsungxhm321hi_s26vj9fza06845&q={searchTerms}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {9B68959E-CB34-4310-AEB9-29D97D4A2E71} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.google.de/search?q={searchTerms}&hl=de&gl=de&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {F0B806F9-E7A4-4EEF-997A-DC5E27C7A74F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=FFB6CD93-1193-4B51-A555-CC45789B9BFB&apn_sauid=03538CF5-E558-421C-A409-41FD4C0FC506
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-22] (AVAST Software)
BHO: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{7E01E4ED-0B55-4913-81E3-294590499695}\{49A7C928-0C4C-4194-BF4E-B02BAC3F933E}.bin [2015-12-23] (Download Protect)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-22] (AVAST Software)
BHO-x32: DownloadProtect Extension -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{26E60582-0A89-4A5A-AAE4-4B8A7900329D}\{F9F9C990-FEDC-4343-B46E-4C910592E58E}.bin [2015-12-23] (Download Protect)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF SelectedSearchEngine: google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\user.js [2015-12-23]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\11-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\ask-search.xml [2014-04-20]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\englische-ergebnisse.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\gmx-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\google-avast.xml [2015-11-03]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\lastminute.xml [2014-06-05]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\mystartsearch.xml [2015-11-03]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\preisde.xml [2015-03-22]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\webde-suche.xml [2014-06-06]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\wir-lieben-preisede.xml [2015-03-22]
FF SearchPlugin: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\searchplugins\yahoo-avast.xml [2015-07-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{FACC66B7-E49F-49ed-997E-66A221FD956D}] - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox
FF Extension: MyKey Interface - C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\FireFox [2014-09-11] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\goqysxjm.default\extensions\deskCutv2@gmail.com => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}] - C:\windows\Installer\{A789F495-94D3-4A15-823A-B22492A93E97}\{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}.xpi
FF Extension: Download Protect - C:\windows\Installer\{A789F495-94D3-4A15-823A-B22492A93E97}\{6FC78B7F-929C-47D9-8AC2-B495624FE6A5}.xpi [2015-12-23]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-13]
CHR HKU\S-1-5-21-522234228-4192544273-3428825822-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - <kein Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-22]
StartMenuInternet: Google Chrome.KJOE5CON4YSEURCOUTJD6SBO2M - chrome.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-22] (AVAST Software)
R2 DnsBlockUpdateSvc; C:\windows\system32\DnsBlockUpdateSvc.exe [151072 2015-11-03] ()
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [Datei ist nicht signiert]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [495800 2015-11-02] (Sony Corporation)
R2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-22] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-22] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2014-01-02] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-09-30] (EldoS Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-11-03] (Windows (R) 2003 DDK 3790 provider)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-05-30] (Identive)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
U3 uxldapow; \??\C:\Users\Hans\AppData\Local\Temp\uxldapow.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-24 00:08 - 2015-12-24 00:08 - 00025990 _____ C:\Users\Hans\Downloads\FRST.txt
2015-12-24 00:08 - 2015-12-24 00:08 - 00000000 ____D C:\FRST
2015-12-24 00:07 - 2015-12-24 00:07 - 02370560 _____ (Farbar) C:\Users\Hans\Downloads\FRST64.exe
2015-12-23 23:49 - 2015-12-23 23:49 - 00380416 _____ C:\Users\Hans\Downloads\Gmer-19357.exe
2015-12-23 15:30 - 2015-12-23 15:30 - 00000000 ____D C:\Program Files\{7E01E4ED-0B55-4913-81E3-294590499695}
2015-12-23 15:30 - 2015-12-23 15:30 - 00000000 ____D C:\Program Files (x86)\{26E60582-0A89-4A5A-AAE4-4B8A7900329D}
2015-12-23 14:19 - 2015-12-23 14:22 - 00010528 _____ C:\Users\Hans\Downloads\Hof_Frech_Jan_16.xlsx
2015-12-23 06:47 - 2015-12-23 06:47 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-23 06:47 - 2015-12-23 06:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-22 17:33 - 2015-12-23 21:23 - 00003042 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1450802017
2015-12-22 17:33 - 2015-12-22 17:33 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2015-12-22 17:33 - 2015-12-22 17:33 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-12-22 17:32 - 2015-12-22 20:36 - 00000000 ____D C:\Program Files\{EA4A7ED6-4E60-46E5-8087-B3774C49DF3E}
2015-12-22 17:25 - 2015-12-22 17:25 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-12-22 17:24 - 2015-12-22 17:24 - 00466400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2015-12-22 17:24 - 2015-12-22 17:24 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-12-21 11:26 - 2015-12-21 11:26 - 00000000 ____D C:\Program Files\{F6648511-BC56-45B8-A5E9-F6918182648E}
2015-12-21 11:26 - 2015-12-21 11:26 - 00000000 ____D C:\Program Files (x86)\{D1230C96-3FDF-4B49-A76E-0C35A5326394}
2015-12-20 13:29 - 2015-12-20 13:29 - 00000000 ____D C:\Program Files (x86)\Babylon
2015-12-20 13:28 - 2015-12-20 13:28 - 00676720 _____ (Babylon Software Ltd.) C:\Users\Hans\Downloads\Babylon10_setup_ns.exe
2015-12-20 13:06 - 2015-12-23 06:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-11 15:56 - 2015-12-11 15:56 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 13:13 - 2015-12-10 13:13 - 00027770 _____ C:\Users\Hans\Downloads\PB_KAZ_KtoNr_0795121708_07-12-2015_1049.pdf
2015-12-10 02:17 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-10 02:17 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-10 02:17 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-10 02:17 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-10 02:17 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-10 02:17 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-10 02:17 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-10 02:17 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-10 02:17 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-10 02:17 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-10 02:16 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-10 02:16 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-10 02:16 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-10 02:16 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-10 02:16 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-10 02:16 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-10 02:16 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-10 02:16 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-10 02:16 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-10 02:16 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-10 02:16 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-10 02:16 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-10 02:16 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-10 02:16 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-10 02:16 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-10 02:16 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-10 02:16 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-10 02:16 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-10 02:16 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-10 02:16 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-10 02:16 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-10 02:16 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-10 02:16 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-10 02:16 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-10 02:16 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-10 02:16 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-10 02:16 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-10 02:16 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-10 02:16 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-10 02:16 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-10 02:16 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-10 02:16 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-10 02:16 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-10 02:16 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-10 02:16 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-10 02:16 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-10 02:16 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2015-12-10 02:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2015-12-10 02:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2015-12-10 02:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2015-12-10 02:16 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2015-12-10 02:16 - 2015-10-08 20:13 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2015-12-10 02:16 - 2015-10-08 19:52 - 00419928 _____ C:\windows\system32\locale.nls
2015-12-10 02:15 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-10 02:15 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-10 02:15 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-10 02:15 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-10 02:15 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-10 02:15 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-10 02:15 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-10 02:15 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-10 02:15 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-10 02:15 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-10 02:15 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-10 02:15 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-10 02:15 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-10 02:15 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-10 02:15 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-10 02:15 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-10 02:15 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-10 02:15 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-10 02:15 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-10 02:15 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-10 02:15 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-10 02:15 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-10 02:15 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-10 02:15 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-10 02:15 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-10 02:15 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-10 02:15 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-10 02:15 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-10 02:15 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-10 02:15 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-10 02:15 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-10 02:15 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-10 02:15 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-10 02:15 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-10 02:15 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-10 02:15 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-10 02:15 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-10 02:15 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-10 02:15 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-10 02:15 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-10 02:15 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-10 02:13 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-10 02:13 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-12-05 19:18 - 2015-12-05 19:18 - 02146312 _____ C:\Users\Hans\Downloads\22000-56_grind__brew_coffee_maker_ib_552-825.pdf
2015-12-03 13:49 - 2015-12-03 13:49 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2015-12-03 13:49 - 2015-12-03 13:49 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-28 20:37 - 2015-11-28 20:37 - 00070299 _____ C:\Users\Hans\Downloads\RG150232205871.pdf
2015-11-25 16:12 - 2015-11-25 16:13 - 00177179 _____ C:\Users\Hans\Downloads\Angebot_AN1534658.pdf
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-24 00:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-23 23:56 - 2015-06-16 14:25 - 00001220 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job
2015-12-23 23:31 - 2013-02-28 15:47 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 23:26 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2015-12-23 22:56 - 2009-07-14 05:45 - 00022752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-23 22:56 - 2009-07-14 05:45 - 00022752 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 21:40 - 2015-06-16 14:25 - 00001168 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job
2015-12-23 21:23 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2015-12-23 15:33 - 2014-09-12 11:54 - 00000000 ___RD C:\Users\Hans\Documents\Dropbox
2015-12-23 15:32 - 2014-07-05 10:37 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Dropbox
2015-12-23 15:31 - 2012-07-07 14:56 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-12-23 15:30 - 2015-11-03 18:01 - 00000306 __RSH C:\ProgramData\ntuser.pol
2015-12-23 15:27 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-23 12:37 - 2011-06-18 19:11 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{4AC904EB-88D0-40F8-9C3F-D3356DCC3A43}
2015-12-23 12:30 - 2009-07-14 06:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-12-23 06:48 - 2011-06-17 18:49 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype
2015-12-23 06:47 - 2012-09-06 02:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-23 06:46 - 2010-08-04 03:29 - 00000000 ____D C:\ProgramData\Skype
2015-12-22 17:26 - 2011-06-16 20:50 - 00451040 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2015-12-22 17:26 - 2011-06-16 20:50 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswmonflt.sys
2015-12-22 17:25 - 2015-03-14 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-22 17:25 - 2014-04-23 20:43 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-12-22 17:25 - 2013-12-26 20:13 - 00155304 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-12-22 17:25 - 2013-02-28 16:39 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-12-22 17:25 - 2013-02-28 16:39 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-12-22 17:25 - 2012-03-19 14:55 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-12-22 17:25 - 2011-06-16 20:49 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-22 17:24 - 2015-03-14 16:58 - 00028144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2015-12-22 17:24 - 2011-06-16 20:50 - 01055560 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-12-22 17:24 - 2011-06-16 20:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-21 11:23 - 2012-04-27 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-20 16:52 - 2015-02-23 18:21 - 00000000 ____D C:\Users\Hans\Documents\Weihnachten Grußkarten
2015-12-20 13:48 - 2015-07-12 17:54 - 00000000 ____D C:\Program Files\Babylon
2015-12-19 19:38 - 2015-07-27 17:02 - 00014187 _____ C:\Users\Hans\Documents\Benzinkosten CRV.xlsx
2015-12-19 06:38 - 2015-04-04 19:19 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-19 06:38 - 2015-04-04 19:19 - 00000000 ___SD C:\windows\system32\GWX
2015-12-11 16:35 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2015-12-10 08:20 - 2009-07-14 05:45 - 00427872 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-10 08:17 - 2012-05-11 08:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 08:17 - 2012-05-11 08:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 07:53 - 2011-06-16 21:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 07:49 - 2012-05-11 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 07:43 - 2013-08-15 07:43 - 00000000 ____D C:\windows\system32\MRT
2015-12-10 03:08 - 2011-06-16 22:47 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-10 01:48 - 2015-03-17 22:47 - 00000000 ____D C:\Users\Hans\AppData\Local\Skype
2015-12-09 04:39 - 2011-06-16 20:41 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-08 21:22 - 2013-02-28 15:47 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 21:22 - 2013-02-28 15:47 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 21:22 - 2011-06-16 21:45 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-26 18:12 - 2011-06-16 00:13 - 00000000 ____D C:\Users\Hans
2015-11-26 18:10 - 2015-10-31 13:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2013-12-21 09:01 - 2013-12-21 09:01 - 0000030 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG
2011-06-17 18:52 - 2011-06-17 18:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-06-16 00:15 - 2010-01-16 06:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-08-04 03:37 - 2010-08-04 03:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-08-04 03:35 - 2010-08-04 03:36 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-08-04 03:32 - 2010-08-04 03:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-04 03:36 - 2010-08-04 03:37 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-08-04 03:31 - 2010-08-04 03:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-08-04 03:33 - 2010-08-04 03:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-12-20 15:32
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-12-2015
durchgeführt von Hans (2015-12-24 00:09:30)
Gestartet von C:\Users\Hans\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-06-15 23:13:07)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-522234228-4192544273-3428825822-500 - Administrator - Disabled)
Gast (S-1-5-21-522234228-4192544273-3428825822-501 - Limited - Enabled)
Hans (S-1-5-21-522234228-4192544273-3428825822-1000 - Administrator - Enabled) => C:\Users\Hans
HomeGroupUser$ (S-1-5-21-522234228-4192544273-3428825822-1253 - Limited - Enabled)
UpdatusUser (S-1-5-21-522234228-4192544273-3428825822-1254 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.5.0621 - Atheros)
Avast Internet Security (HKLM-x32\...\avast) (Version: 11.1.2245 - AVAST Software)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-4300-A758B70C1001}) (Version: 12.16.1.1670 - APN, LLC)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
CHIPDRIVE MyKey (HKLM-x32\...\CHIPDRIVE MyKey_CDInst21) (Version: - Identive)
Content Manager (HKLM-x32\...\Content Manager) (Version: 3.18.4.510611 - NNG Llc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2806 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108a - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3213 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815b - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1812 - CyberLink Corp.)
DealPly (HKU\.DEFAULT\...\DealPly) (Version: - ) <==== ACHTUNG
DReport Viewer 4 (HKLM-x32\...\{811E4E77-05C8-422E-8077-B9A80BF15C68}) (Version: 4.00.0043 - DÖRR EDV-Beratung)
Dropbox (HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX235 Series (HKLM\...\EPSON SX235 Series) (Version: - SEIKO EPSON Corporation)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{F9557866-B4C8-4CE5-8508-0E386BDC20B2}) (Version: 4.3.3 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.1.11318 - Landesfinanzdirektion Thüringen)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - )
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.17 - Oracle Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
MergeModule_x64 (Version: 9.1.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 de)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.03.11020 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.0.03 - Sony Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6003 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.46.1990.144 (x32 Version: 1.46.1990.144 - Avast Software) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung)
Samsung R-Series (HKLM-x32\...\{3EED7541-55F8-4DC6-B9CD-28762D71310E}) (Version: 1.0 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SCR3xxx Smart Card Reader (HKLM-x32\...\{37C4109C-F80B-4D3A-A8B3-1FA0618BFDBA}) (Version: 8.57 - Identive)
Sigel Label- und Barcode Software (HKLM-x32\...\Sigel Label- und Barcode Software) (Version: - )
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Softwarenetz Haushaltsbuch4 (HKLM-x32\...\Haushaltsbuch4) (Version: - Softwarenetz)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-522234228-4192544273-3428825822-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Hans\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
26-11-2015 19:46:40 Avast Cleanup
28-11-2015 09:38:12 Avast Cleanup
28-11-2015 20:32:57 Avast Cleanup
28-11-2015 20:44:28 Windows Update
02-12-2015 08:15:22 Avast Cleanup
02-12-2015 20:44:17 Avast Cleanup
02-12-2015 20:55:45 Windows Update
05-12-2015 18:16:33 Avast Cleanup
06-12-2015 08:55:00 Avast Cleanup
06-12-2015 15:25:45 Windows Update
08-12-2015 21:22:40 Avast Cleanup
10-12-2015 02:36:37 Windows Update
10-12-2015 03:01:12 Windows Update
13-12-2015 19:19:29 Windows Update
13-12-2015 19:46:34 Avast Cleanup
14-12-2015 19:50:21 Avast Cleanup
15-12-2015 05:20:46 Avast Cleanup
15-12-2015 21:36:42 Avast Cleanup
17-12-2015 06:08:56 Windows Update
19-12-2015 06:35:53 Windows Update
19-12-2015 06:37:38 Avast Cleanup
19-12-2015 19:46:30 Avast Cleanup
21-12-2015 10:39:25 Avast Cleanup
22-12-2015 11:03:15 Windows Update
22-12-2015 17:26:46 Gerätetreiber-Paketinstallation: Avast Netzwerkdienst
23-12-2015 21:21:12 Avast Cleanup
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {069858DD-921D-498F-AB04-69391758E7D4} - System32\Tasks\{69993F70-2728-48FC-A3D1-2B84988B78CC} => pcalua.exe -a C:\Users\Hans\Downloads\WISOMeinGeldPro.exe -d C:\Users\Hans\Downloads
Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {0D7930B3-6A49-4D7D-9A63-9FF506D60576} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {187532B4-A586-4AFE-B656-10C74CB6164A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-22] (AVAST Software)
Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {2312CE41-3E02-491F-84F7-39724334A4A7} - System32\Tasks\SafeZone scheduled Autoupdate 1450802017 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-21] (Avast Software)
Task: {4C65F9A8-BFC7-498F-AB0B-C01C336DAAA0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {886F123B-D25A-4AEB-A115-32CE07A5D0F9} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-10-13] (Samsung Electronics Co., Ltd.)
Task: {88CB6344-90D7-473F-8B7F-6FDA32A04AEB} - System32\Tasks\{C83758FD-D099-41C3-AF3A-7837E460469A} => pcalua.exe -a C:\Users\Hans\Downloads\Sigel_Label_Barcode\Sigel_Label_Barcode.exe -d C:\Users\Hans\Downloads\Sigel_Label_Barcode
Task: {89769842-211C-42FC-AFF5-7A19A5054D6B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {8EE25771-606E-4AB4-B92C-B58E7B92D5BA} - System32\Tasks\{DDB14B00-0C0A-4E30-8664-00655C907F16} => C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe [2013-12-02] (Identive)
Task: {9A8A9326-1E2B-4E8C-A1D2-B866FA0A85C4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {9D8651A2-298B-4CB3-81FE-2B1C7A9BD6E9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {A18B1661-6189-4500-A3EC-BCC307994B64} - System32\Tasks\{E33FBC09-FD58-411A-8474-4D3FD8130D81} => pcalua.exe -a C:\Users\Hans\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\windows\SysWOW64 -c /installmethod=jau-m FAMILYUPGRADE=1
Task: {A8FD0358-5254-4117-BF84-36DF363A538F} - System32\Tasks\{9C480DBD-C6AD-4764-888A-4D756689E5EC} => pcalua.exe -a C:\Users\Hans\Downloads\wlsetup-web.exe -d C:\Users\Hans\Downloads
Task: {A9E72616-884E-4835-BD1B-A6230FDC5D2A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {AA0A902A-E288-4D36-B273-908CABD39194} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AD20D237-7C34-4F5E-882B-28CF62A99A7D} - System32\Tasks\{FE7AABDC-65F5-4543-AE8D-84BF39BC93B0} => pcalua.exe -a C:\Users\Hans\AppData\Local\Temp\Temp1_Sigel_Professional_Label(1).zip\Sigel_Professional_Label.exe
Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {FAC1579F-FCEE-447D-9547-767ED09DB72A} - System32\Tasks\{0237ABB1-4425-4A9A-AF07-06A47FF07CAB} => pcalua.exe -a C:\Users\Hans\Downloads\epson377873eu.exe -d C:\Users\Hans\Downloads
Task: {FC9393C7-8D64-4B71-B649-70CD953B3A0C} - \DealPlyUpdate -> Keine Datei <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job => C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-09-09 16:11 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-17 17:24 - 2008-06-04 07:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2009-09-01 04:31 - 2009-09-01 04:31 - 00022016 _____ () C:\windows\System32\ssp2ml6.dll
2015-11-03 17:59 - 2015-11-03 18:01 - 00151072 _____ () C:\windows\system32\DnsBlockUpdateSvc.exe
2014-09-11 16:22 - 2013-03-08 08:54 - 00017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe
2010-08-04 03:27 - 2009-03-05 10:54 - 00311296 _____ () C:\windows\SysWOW64\Rezip.exe
2015-12-22 17:24 - 2015-12-22 17:24 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-22 17:24 - 2015-12-22 17:24 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-23 12:34 - 2015-12-23 12:34 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122300\algo.dll
2015-12-22 17:24 - 2015-12-22 17:24 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-23 21:20 - 2015-12-23 21:20 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122302\algo.dll
2010-08-04 03:39 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2015-12-11 15:56 - 2015-10-31 01:59 - 00034768 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00022848 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00023352 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00042296 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 15:55 - 2015-10-31 01:59 - 00116688 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 15:56 - 2015-10-31 01:59 - 00093640 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 15:56 - 2015-10-31 01:59 - 00018376 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00019760 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00105928 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 15:55 - 2015-10-31 01:59 - 00392144 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 15:56 - 2015-12-08 22:36 - 00381752 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 15:56 - 2015-10-31 01:59 - 00692688 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00020816 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00109520 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 01737032 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00020808 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00020800 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00021840 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00038696 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00024528 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00020936 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00114640 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00021320 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00124880 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00030160 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00043472 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00175560 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00028616 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00048592 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00024392 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00036296 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 15:56 - 2015-10-31 02:00 - 00024016 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00117056 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00023376 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 15:56 - 2015-10-31 01:59 - 00134608 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 15:55 - 2015-10-31 01:59 - 00134088 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 15:55 - 2015-10-31 02:00 - 00240584 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00020280 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00052024 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00021304 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00350152 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00084792 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 15:55 - 2015-12-08 22:36 - 01826608 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 15:56 - 2015-10-31 02:00 - 00083912 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 03891504 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 01950000 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00519984 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00133936 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00225080 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00207672 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 15:56 - 2015-12-08 22:36 - 00024904 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00486704 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 15:55 - 2015-12-08 22:36 - 00357680 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-12-11 15:56 - 2015-10-31 02:01 - 00019920 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-12-11 15:55 - 2015-10-31 02:00 - 00786904 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-11 15:56 - 2015-10-31 02:00 - 00063448 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-11 15:56 - 2015-10-31 02:00 - 00019408 _____ () C:\Users\Hans\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-12-22 17:25 - 2015-12-22 17:25 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-22 17:33 - 2015-12-01 09:12 - 60742136 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\AvastSZB.dll
2015-12-22 17:33 - 2015-12-01 09:12 - 01919480 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\libglesv2.dll
2015-12-22 17:33 - 2015-12-01 09:12 - 00081400 _____ () C:\Program Files\AVAST Software\SZBrowser\1.46.1990.139\libegl.dll
2015-12-08 21:21 - 2015-12-08 21:21 - 17647296 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\windows\system32\DnsBlockUpdateSvc.exe:IID
AlternateDataStreams: C:\Users\Hans\Documents\Bilder RA Straub:com.dropbox.attributes
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{F1C06C51-379A-4301-93B4-40EDE8E10C56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{A3278E63-97AB-4714-823D-1F17DAA2F2ED}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{C68843DA-AF1A-4A53-B9E3-424489A064CB}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{6BB63C6C-B35C-4072-868E-D7536A699E6D}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{5BA07D47-6BAA-4D8F-BC74-E74A31E4CC75}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [TCP Query User{4EEFA51E-CFCE-4AB4-93F1-82E8BD153C40}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{614E6B8A-8265-43B4-B4FF-43FC1F7C884B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{4EB91C82-4AC8-48A3-981C-EEB36AE2839E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{70D81D79-2CB2-40F3-AD17-58D46E717806}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{7E2EDA01-CADA-49AF-9472-F960F806BD82}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [UDP Query User{6D81C02C-6A9B-4401-AC00-599269E0C2C0}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [TCP Query User{16B0C971-331D-4A82-8F52-02DF5F516DAB}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [UDP Query User{0C0966E4-DD09-41EC-9F32-B34DC98AC5EE}C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe] => (Block) C:\program files (x86)\chipdrive\chipdrive mykey\mykey\mykey.exe
FirewallRules: [{40EACEB4-D2EC-4090-A566-624D41F70924}] => (Allow) C:\Users\Hans\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{07329A11-3AAA-4A0C-B9BE-10B342564943}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{5B91196D-41A2-4C38-B7DE-9362D6809FFC}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{6366165C-C50E-4B95-8263-81ECC670B084}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{554C9539-3F86-417F-8B7D-2FD268257B6C}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{695AE07E-C5FC-4ADC-AFD4-804CFB6738B4}] => (Allow) C:\Users\Hans\AppData\Local\Temp\EPSON SX235 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe
FirewallRules: [{4A420D02-EFE5-411B-9FBA-E38FBDD87D91}] => (Allow) C:\Users\Hans\AppData\Local\Temp\EPSON SX235 Series_Home\Network\EpsonNetSetup\EpsonNetSetup3_4_1_FC_1_0_WW_Direct\ENEasyApp.exe
FirewallRules: [{8495A371-01D0-4537-86B7-951D8F4AA584}] => (Allow) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{464D0807-DB2B-4511-AE01-4B9D9516F195}] => (Allow) C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4BF36673-D381-4C9F-B699-22CCDAF2AE9F}] => (Allow) chrome.exe
FirewallRules: [{73967FFF-CCF9-4C88-BCA8-73F4268A18BA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{07668923-ED88-4C5A-88E6-2ED5BF35DE23}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{D33EBF02-4FAC-4508-831D-A28839948DF4}C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{27A78594-DA0A-492B-81C3-E329F3BCEB2F}C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hans\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C68C2C0D-AC7F-4628-BB3C-C2B2D60E14C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6FFECC67-0D1B-4B4D-BA5B-FAC57D413190}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DF405A78-E460-4C2E-B91D-72DEFF2A4D4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{95EFCC0E-537A-483E-AC5B-669545847071}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{069379B9-6785-4545-A69E-5A421B27D6BB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{20A5E0D9-BA5A-4659-A41F-B44C09B663E8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1C7E774C-6FAE-4B20-B024-A3B6E4A1498D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{62FB722A-E926-4485-BE0C-B463D35CB5E8}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3AC0571D-98AD-45F1-A2BD-ACD8E7B93C80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B604476-E8BC-4D30-8119-59D839D276F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{61F1CC4F-F606-4887-8E80-2F9B40B96F8E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/23/2015 11:51:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Gmer-19357.exe, Version 2.1.19357.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f84
Startzeit: 01d13dd44a70b6ed
Endzeit: 8
Anwendungspfad: C:\Users\Hans\Downloads\Gmer-19357.exe
Berichts-ID: a3153f3e-a9c7-11e5-be81-002454e7f112
Error: (12/23/2015 09:19:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Die abhängige Assemblierung "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (12/23/2015 06:45:30 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion.
Error: (12/20/2015 12:54:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 42.0.0.5780, Zeitstempel: 0x5632d0a4
Name des fehlerhaften Moduls: mozglue.dll, Version: 42.0.0.5780, Zeitstempel: 0x5632ba58
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed50
ID des fehlerhaften Prozesses: 0x15d4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (12/17/2015 06:14:32 AM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: ASU_MSI_TRAN. Fehler 1603 beim Starten der Transaktion.
Error: (12/11/2015 04:29:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AitStatic.exe, Version: 10.0.10004.0, Zeitstempel: 0x54c65a8b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56259271
Ausnahmecode: 0xc000000d
Fehleroffset: 0x000000000000b3dd
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0xAitStatic.exe0
Pfad der fehlerhaften Anwendung: AitStatic.exe1
Pfad des fehlerhaften Moduls: AitStatic.exe2
Berichtskennung: AitStatic.exe3
Error: (12/11/2015 02:53:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SafeZoneBrowser.exe, Version: 38.0.2078.1, Zeitstempel: 0x53f612a6
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18952, Zeitstempel: 0x55c39c76
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f21e3
ID des fehlerhaften Prozesses: 0x1d74
Startzeit der fehlerhaften Anwendung: 0xSafeZoneBrowser.exe0
Pfad der fehlerhaften Anwendung: SafeZoneBrowser.exe1
Pfad des fehlerhaften Moduls: SafeZoneBrowser.exe2
Berichtskennung: SafeZoneBrowser.exe3
Error: (12/11/2015 02:48:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files\AVAST Software\Avast\AvastSvc.exe Files\AVAST Software\Avast\AvastSvc.exe"; Beschreibung = Avast Cleanup; Fehler = 0x81000101).
Error: (12/11/2015 07:04:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SafeZoneBrowser.exe, Version: 38.0.2078.1, Zeitstempel: 0x53f612a6
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18952, Zeitstempel: 0x55c39c76
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001f21e3
ID des fehlerhaften Prozesses: 0x1ec0
Startzeit der fehlerhaften Anwendung: 0xSafeZoneBrowser.exe0
Pfad der fehlerhaften Anwendung: SafeZoneBrowser.exe1
Pfad des fehlerhaften Moduls: SafeZoneBrowser.exe2
Berichtskennung: SafeZoneBrowser.exe3
Error: (12/10/2015 11:46:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.
Systemfehler:
=============
Error: (12/23/2015 03:35:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (12/23/2015 03:33:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (12/23/2015 03:28:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/23/2015 03:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/23/2015 12:33:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (12/23/2015 12:30:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (12/23/2015 12:25:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/23/2015 12:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iolo System Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/23/2015 06:04:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (12/23/2015 05:57:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 3956.55 MB
Verfügbarer physikalischer RAM: 1663.09 MB
Summe virtueller Speicher: 7911.31 MB
Verfügbarer virtueller Speicher: 5341.68 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:112 GB) (Free:19.83 GB) NTFS
Drive d: () (Fixed) (Total:165.99 GB) (Free:115.42 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8C0FBFDC)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=166 GB) - (Type=OF Extended)
==================== Ende von Addition.txt ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-12-24 00:02:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Hans\AppData\Local\Temp\uxldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\AVAST Software\Avast\afwServ.exe[1676] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075758781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\SysWOW64\ntdll.dll!LdrAccessResource 000000007762d284 5 bytes JMP 0000000100518940
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\SysWOW64\ntdll.dll!LdrFindResource_U 000000007762d2a1 5 bytes JMP 00000001005188b0
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\syswow64\KERNELBASE.dll!LoadStringA 0000000075264b54 5 bytes JMP 00000001005187c0
.text C:\Program Files (x86)\HDD Health\hddhealth.exe[2808] C:\windows\syswow64\KERNELBASE.dll!LoadStringW 0000000075264bc1 5 bytes JMP 0000000100518850
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000769d1401 2 bytes JMP 7577b21b C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000769d1419 2 bytes JMP 7577b346 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000769d1431 2 bytes JMP 757f8fd1 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000769d144a 2 bytes CALL 7575489d C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes JMP 757f88c4 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes JMP 757f8aa0 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000769d150d 2 bytes JMP 757f87ba C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes JMP 757f8b8a C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000769d153d 2 bytes JMP 7576fca8 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000769d1555 2 bytes JMP 757768ef C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes JMP 757f9089 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000769d1585 2 bytes JMP 757f8bea C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000769d159d 2 bytes JMP 757f877e C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes JMP 7576fd41 C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes JMP 7577b2dc C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes JMP 757f8f4c C:\windows\syswow64\kernel32.dll
.text C:\Users\Hans\AppData\Roaming\Dropbox\bin\Dropbox.exe[2836] C:\windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes JMP 757f8713 C:\windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4876:5336] 000007fefb742af8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654eb87
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f56e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654eb87 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f56e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
24.12.2015, 00:37
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Rootkit in syswow64 Log von Avast bitte posten, sonst weiß niemand um was es da genau geht....
__________________
__________________ |
|
24.12.2015, 15:46
| #3 | |
| | Rootkit in syswow64Zitat:
anbei ein screenshot vom AVAST:  Hier noch ein log von TDSS: Code:
ATTFilter 15:39:26.0880 0x1600 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
15:39:32.0306 0x1600 ============================================================
15:39:32.0306 0x1600 Current date / time: 2015/12/24 15:39:32.0306
15:39:32.0306 0x1600 SystemInfo:
15:39:32.0306 0x1600
15:39:32.0306 0x1600 OS Version: 6.1.7601 ServicePack: 1.0
15:39:32.0306 0x1600 Product type: Workstation
15:39:32.0307 0x1600 ComputerName: LAPTOP
15:39:32.0307 0x1600 UserName: Hans
15:39:32.0307 0x1600 Windows directory: C:\windows
15:39:32.0307 0x1600 System windows directory: C:\windows
15:39:32.0307 0x1600 Running under WOW64
15:39:32.0308 0x1600 Processor architecture: Intel x64
15:39:32.0308 0x1600 Number of processors: 4
15:39:32.0308 0x1600 Page size: 0x1000
15:39:32.0308 0x1600 Boot type: Normal boot
15:39:32.0308 0x1600 ============================================================
15:39:33.0571 0x1600 KLMD registered as C:\windows\system32\drivers\59540713.sys
15:39:35.0443 0x1600 System UUID: {86F42B11-BF92-9F73-C43F-A5A8A3924617}
15:39:36.0897 0x1600 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:36.0923 0x1600 ============================================================
15:39:36.0923 0x1600 \Device\Harddisk0\DR0:
15:39:36.0971 0x1600 MBR partitions:
15:39:36.0971 0x1600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
15:39:36.0971 0x1600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xE000000
15:39:36.0993 0x1600 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10833000, BlocksNum 0x14BFB000
15:39:36.0993 0x1600 ============================================================
15:39:37.0405 0x1600 C: <-> \Device\Harddisk0\DR0\Partition2
15:39:37.0573 0x1600 D: <-> \Device\Harddisk0\DR0\Partition3
15:39:37.0573 0x1600 ============================================================
15:39:37.0574 0x1600 Initialize success
15:39:37.0574 0x1600 ============================================================
15:40:03.0086 0x0224 ============================================================
15:40:03.0086 0x0224 Scan started
15:40:03.0086 0x0224 Mode: Manual; SigCheck; TDLFS;
15:40:03.0086 0x0224 ============================================================
15:40:03.0086 0x0224 KSN ping started
15:40:05.0739 0x0224 KSN ping finished: true
15:40:09.0673 0x0224 ================ Scan system memory ========================
15:40:09.0673 0x0224 System memory - ok
15:40:09.0676 0x0224 ================ Scan services =============================
15:40:11.0219 0x0224 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:40:11.0584 0x0224 1394ohci - ok
15:40:11.0903 0x0224 [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
15:40:11.0988 0x0224 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
15:40:12.0086 0x0224 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:40:12.0380 0x0224 ACPI - ok
15:40:12.0442 0x0224 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:40:12.0629 0x0224 AcpiPmi - ok
15:40:12.0770 0x0224 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:40:12.0816 0x0224 AdobeARMservice - ok
15:40:13.0409 0x0224 [ F54564025D2284AE498E51D7C139F971, AAA48F38B81DB894854E8C84DB2E1F5C8447AA982D27C0BB78FF2786D9F80F83 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:40:13.0425 0x0224 AdobeFlashPlayerUpdateSvc - ok
15:40:13.0534 0x0224 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
15:40:14.0189 0x0224 adp94xx - ok
15:40:14.0298 0x0224 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
15:40:14.0610 0x0224 adpahci - ok
15:40:14.0673 0x0224 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
15:40:14.0782 0x0224 adpu320 - ok
15:40:14.0860 0x0224 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:40:14.0922 0x0224 AeLookupSvc - ok
15:40:15.0016 0x0224 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\windows\system32\drivers\afd.sys
15:40:15.0266 0x0224 AFD - ok
15:40:15.0312 0x0224 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
15:40:15.0422 0x0224 agp440 - ok
15:40:15.0484 0x0224 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
15:40:15.0562 0x0224 ALG - ok
15:40:15.0609 0x0224 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
15:40:15.0734 0x0224 aliide - ok
15:40:15.0796 0x0224 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
15:40:15.0921 0x0224 amdide - ok
15:40:15.0968 0x0224 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
15:40:16.0233 0x0224 AmdK8 - ok
15:40:16.0248 0x0224 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
15:40:16.0389 0x0224 AmdPPM - ok
15:40:16.0436 0x0224 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
15:40:16.0576 0x0224 amdsata - ok
15:40:16.0638 0x0224 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
15:40:16.0919 0x0224 amdsbs - ok
15:40:16.0950 0x0224 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
15:40:17.0106 0x0224 amdxata - ok
15:40:17.0169 0x0224 [ A0711D119BA4B48A1470C768D301013E, 536366F809125D2C2171597C8C2CB3271BE5C6B373152112E0D970749776E00A ] AppID C:\windows\system32\drivers\appid.sys
15:40:17.0372 0x0224 AppID - ok
15:40:17.0418 0x0224 [ 173C90AF5B243B4DD86F95CA154CB58A, 349F566DADC96B31FDC34C4F26545FB880844DBF84E5821AA0D0CAA91FB837E1 ] AppIDSvc C:\windows\System32\appidsvc.dll
15:40:17.0465 0x0224 AppIDSvc - ok
15:40:17.0528 0x0224 [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\windows\System32\appinfo.dll
15:40:17.0652 0x0224 Appinfo - ok
15:40:17.0715 0x0224 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\DRIVERS\arc.sys
15:40:17.0933 0x0224 arc - ok
15:40:17.0949 0x0224 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
15:40:18.0198 0x0224 arcsas - ok
15:40:18.0682 0x0224 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:18.0760 0x0224 aspnet_state - ok
15:40:18.0807 0x0224 [ 7BC1F2FC2A9D79E1EBBBF6D69AC3BA1F, 236265BE3F1B2130025A3A10152893BD0D18AD8965732361058B775F010539A2 ] aswHwid C:\windows\system32\drivers\aswHwid.sys
15:40:18.0932 0x0224 aswHwid - ok
15:40:18.0978 0x0224 [ 42AE0F2BF37CE46EB01A753F96FCC9B8, 3FCECB863664CA9877BF00B7B9E781608BD19CB9E409C98A45D1AFA4E7187882 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
15:40:19.0103 0x0224 aswKbd - ok
15:40:19.0556 0x0224 [ 68E76C1675AC171A84F5B7230652E19D, A707A4E51110B15FF7D73C95D4D9C1E457FC9D93E1479BDB67EBDDDD6AC28D8E ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
15:40:19.0758 0x0224 aswMonFlt - ok
15:40:20.0024 0x0224 [ E017E15F8EFD7675976743A8FBECCEBB, 64B3628E65AA0BC9093374726C76418CF4CB99743E8BE98A969CF5CA82E6D7EE ] aswNdisFlt C:\windows\system32\DRIVERS\aswNdisFlt.sys
15:40:20.0273 0x0224 aswNdisFlt - ok
15:40:20.0336 0x0224 [ 2D6B49A071216796106E7804AB2BA7DC, 6A58A3B36EA05A24333482F87CFD315F73E56A64E46493E82E0FE9115E284168 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys
15:40:20.0507 0x0224 aswRdr - ok
15:40:20.0570 0x0224 [ E46B51C99BB750A81AC6A68362475A5C, 2A61C09902B39696D151B9D5E6A60FFC3CF3EA02613EC64BBAB4DEE3C78838E2 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
15:40:20.0679 0x0224 aswRvrt - ok
15:40:20.0835 0x0224 [ A428CC308673A5E74F91D92E4A2B205D, 0A768AA4BD1CD22B5181EDA692F7CB9A43F627BB4FFEEFBB8CBC77A45107A443 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
15:40:21.0162 0x0224 aswSnx - ok
15:40:21.0334 0x0224 [ C24A42A7689DB63EEF157797AA7012B5, AC25AFAD13E59DFBF68B9F9B9527F266F4671A5E0A1F04D9EA71D36C00AC21E9 ] aswSP C:\windows\system32\drivers\aswSP.sys
15:40:21.0474 0x0224 aswSP - ok
15:40:21.0568 0x0224 [ D9079E1A1C2A1F8ED5F37AF8E6CD3161, 629E3A642C5E3BEA65CDD2E08CAD69F9649A98BDA906678B51D3D2C9DB5BB253 ] aswStm C:\windows\system32\drivers\aswStm.sys
15:40:21.0615 0x0224 aswStm - ok
15:40:21.0740 0x0224 [ 3BEC32A0B646D914921FD56AA39998C1, 8DB7CBF3DEF8EAE1D7D28C38B3A0FCD5C2A04D772078B907F35C66451355A04A ] aswVmm C:\windows\system32\drivers\aswVmm.sys
15:40:21.0833 0x0224 aswVmm - ok
15:40:21.0864 0x0224 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
15:40:22.0020 0x0224 AsyncMac - ok
15:40:22.0067 0x0224 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
15:40:22.0270 0x0224 atapi - ok
15:40:23.0424 0x0224 [ E4951FCACFF04ECB08E2AF4976EB2F93, 04DDAF0212B7936CB48E0624C992EF09792F8C950AE9ED138F3D13EA6FF30B87 ] athr C:\windows\system32\DRIVERS\athrx.sys
15:40:23.0768 0x0224 athr - ok
15:40:24.0314 0x0224 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:40:24.0423 0x0224 AudioEndpointBuilder - ok
15:40:24.0438 0x0224 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\windows\System32\Audiosrv.dll
15:40:24.0470 0x0224 AudioSrv - ok
15:40:25.0359 0x0224 [ F5CB8703A4F51EE30E5C090C78073AA4, 90683F39E9AA315FFB66A9F014AD1BEBF19EA62908247C133455815F6632E578 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:40:25.0406 0x0224 avast! Antivirus - ok
15:40:25.0468 0x0224 [ 21144F53F79975801AB9A9A027707A85, 445F4838EF0B42A94D997244FE72744E72C7D669C169BC60F23DD3286AF32051 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
15:40:25.0515 0x0224 avast! Firewall - ok
15:40:25.0515 0x0224 AvastVBoxSvc - ok
15:40:25.0593 0x0224 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
15:40:25.0655 0x0224 AxInstSV - ok
15:40:25.0827 0x0224 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
15:40:26.0014 0x0224 b06bdrv - ok
15:40:26.0076 0x0224 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
15:40:26.0310 0x0224 b57nd60a - ok
15:40:26.0357 0x0224 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
15:40:26.0420 0x0224 BDESVC - ok
15:40:26.0466 0x0224 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
15:40:26.0591 0x0224 Beep - ok
15:40:26.0716 0x0224 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
15:40:26.0763 0x0224 BFE - ok
15:40:27.0278 0x0224 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
15:40:27.0465 0x0224 BITS - ok
15:40:27.0558 0x0224 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
15:40:27.0652 0x0224 blbdrive - ok
15:40:27.0714 0x0224 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
15:40:27.0824 0x0224 bowser - ok
15:40:27.0855 0x0224 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
15:40:28.0011 0x0224 BrFiltLo - ok
15:40:28.0073 0x0224 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
15:40:28.0292 0x0224 BrFiltUp - ok
15:40:28.0338 0x0224 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
15:40:28.0370 0x0224 Browser - ok
15:40:28.0494 0x0224 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
15:40:28.0682 0x0224 Brserid - ok
15:40:28.0697 0x0224 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
15:40:28.0853 0x0224 BrSerWdm - ok
15:40:28.0884 0x0224 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
15:40:29.0150 0x0224 BrUsbMdm - ok
15:40:29.0181 0x0224 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
15:40:29.0352 0x0224 BrUsbSer - ok
15:40:29.0415 0x0224 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
15:40:29.0680 0x0224 BthEnum - ok
15:40:29.0711 0x0224 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
15:40:29.0898 0x0224 BTHMODEM - ok
15:40:29.0945 0x0224 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
15:40:30.0351 0x0224 BthPan - ok
15:40:30.0476 0x0224 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
15:40:30.0647 0x0224 BTHPORT - ok
15:40:30.0694 0x0224 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
15:40:30.0819 0x0224 bthserv - ok
15:40:30.0866 0x0224 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
15:40:31.0100 0x0224 BTHUSB - ok
15:40:31.0162 0x0224 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
15:40:31.0349 0x0224 cdfs - ok
15:40:31.0458 0x0224 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
15:40:31.0661 0x0224 cdrom - ok
15:40:31.0708 0x0224 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
15:40:31.0802 0x0224 CertPropSvc - ok
15:40:31.0864 0x0224 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\DRIVERS\circlass.sys
15:40:32.0051 0x0224 circlass - ok
15:40:32.0176 0x0224 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\windows\system32\CLFS.sys
15:40:32.0379 0x0224 CLFS - ok
15:40:32.0566 0x0224 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:32.0613 0x0224 clr_optimization_v2.0.50727_32 - ok
15:40:32.0925 0x0224 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:32.0956 0x0224 clr_optimization_v2.0.50727_64 - ok
15:40:33.0471 0x0224 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:33.0674 0x0224 clr_optimization_v4.0.30319_32 - ok
15:40:33.0705 0x0224 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:33.0767 0x0224 clr_optimization_v4.0.30319_64 - ok
15:40:33.0798 0x0224 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
15:40:33.0923 0x0224 CmBatt - ok
15:40:33.0970 0x0224 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
15:40:34.0079 0x0224 cmdide - ok
15:40:34.0204 0x0224 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\windows\system32\Drivers\cng.sys
15:40:34.0376 0x0224 CNG - ok
15:40:34.0438 0x0224 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
15:40:34.0578 0x0224 Compbatt - ok
15:40:34.0625 0x0224 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
15:40:34.0750 0x0224 CompositeBus - ok
15:40:34.0766 0x0224 COMSysApp - ok
15:40:34.0781 0x0224 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
15:40:35.0078 0x0224 crcdisk - ok
15:40:35.0171 0x0224 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\windows\system32\cryptsvc.dll
15:40:35.0265 0x0224 CryptSvc - ok
15:40:35.0312 0x0224 [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
15:40:35.0811 0x0224 dc3d - ok
15:40:36.0029 0x0224 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
15:40:36.0154 0x0224 DcomLaunch - ok
15:40:36.0294 0x0224 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
15:40:36.0404 0x0224 defragsvc - ok
15:40:36.0450 0x0224 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
15:40:36.0560 0x0224 DfsC - ok
15:40:36.0731 0x0224 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
15:40:36.0809 0x0224 Dhcp - ok
15:40:37.0043 0x0224 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\windows\system32\diagtrack.dll
15:40:37.0137 0x0224 DiagTrack - ok
15:40:37.0168 0x0224 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
15:40:37.0371 0x0224 discache - ok
15:40:37.0402 0x0224 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\DRIVERS\disk.sys
15:40:37.0496 0x0224 Disk - ok
15:40:37.0589 0x0224 [ 3D71F6425FCF083E4B9C61A2F43985C7, A8DA8099622E41D445FABFF9FA0865B6E148F6DF507C69E0A866DF1B18C3C306 ] DnsBlockUpdateSvc C:\windows\system32\DnsBlockUpdateSvc.exe
15:40:37.0636 0x0224 DnsBlockUpdateSvc - ok
15:40:37.0730 0x0224 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
15:40:37.0839 0x0224 Dnscache - ok
15:40:37.0932 0x0224 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
15:40:38.0026 0x0224 dot3svc - ok
15:40:38.0120 0x0224 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
15:40:38.0229 0x0224 DPS - ok
15:40:38.0276 0x0224 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
15:40:38.0416 0x0224 drmkaud - ok
15:40:38.0790 0x0224 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
15:40:38.0946 0x0224 DXGKrnl - ok
15:40:39.0024 0x0224 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
15:40:39.0102 0x0224 EapHost - ok
15:40:40.0116 0x0224 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
15:40:40.0319 0x0224 ebdrv - ok
15:40:40.0366 0x0224 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\windows\System32\lsass.exe
15:40:40.0569 0x0224 EFS - ok
15:40:41.0536 0x0224 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
15:40:41.0598 0x0224 ehRecvr - ok
15:40:41.0661 0x0224 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
15:40:41.0739 0x0224 ehSched - ok
15:40:41.0801 0x0224 [ 627350A11295D82BF78D155B12FFD0EF, BF4A80A379803C765EF5163EE7422A30D8F35820E38690F11A27FA605DD20FFA ] ElRawDisk C:\windows\system32\drivers\ElRawDsk.sys
15:40:41.0910 0x0224 ElRawDisk - ok
15:40:42.0098 0x0224 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
15:40:42.0191 0x0224 elxstor - ok
15:40:42.0425 0x0224 [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
15:40:42.0534 0x0224 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 )
15:40:45.0046 0x0224 Detect skipped due to KSN trusted
15:40:45.0046 0x0224 EpsonBidirectionalService - ok
15:40:45.0264 0x0224 [ 194E8100D57FC13BEF88129BAAD07E46, 745D24ADD99ED182FCCA30C6B85167484B74D3EFD631AF92AA57AAD73F474631 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
15:40:45.0327 0x0224 EPSON_PM_RPCV4_04 - ok
15:40:45.0374 0x0224 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
15:40:45.0483 0x0224 ErrDev - ok
15:40:45.0717 0x0224 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
15:40:45.0795 0x0224 EventSystem - ok
15:40:45.0795 0x0224 ewusbmbb - ok
15:40:45.0826 0x0224 ewusbnet - ok
15:40:45.0826 0x0224 ew_hwusbdev - ok
15:40:45.0888 0x0224 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
15:40:45.0982 0x0224 exfat - ok
15:40:46.0060 0x0224 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
15:40:46.0232 0x0224 fastfat - ok
15:40:46.0372 0x0224 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
15:40:46.0450 0x0224 Fax - ok
15:40:46.0466 0x0224 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\DRIVERS\fdc.sys
15:40:46.0856 0x0224 fdc - ok
15:40:46.0902 0x0224 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
15:40:47.0027 0x0224 fdPHost - ok
15:40:47.0058 0x0224 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
15:40:47.0183 0x0224 FDResPub - ok
15:40:47.0246 0x0224 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
15:40:47.0324 0x0224 FileInfo - ok
15:40:47.0355 0x0224 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
15:40:47.0526 0x0224 Filetrace - ok
15:40:47.0542 0x0224 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
15:40:47.0636 0x0224 flpydisk - ok
15:40:47.0682 0x0224 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
15:40:47.0792 0x0224 FltMgr - ok
15:40:47.0932 0x0224 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\windows\system32\FntCache.dll
15:40:48.0026 0x0224 FontCache - ok
15:40:48.0119 0x0224 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:48.0182 0x0224 FontCache3.0.0.0 - ok
15:40:48.0213 0x0224 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
15:40:48.0275 0x0224 FsDepends - ok
15:40:48.0338 0x0224 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
15:40:48.0462 0x0224 Fs_Rec - ok
15:40:48.0587 0x0224 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
15:40:48.0790 0x0224 fvevol - ok
15:40:48.0837 0x0224 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
15:40:48.0930 0x0224 gagp30kx - ok
15:40:49.0242 0x0224 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
15:40:49.0367 0x0224 gpsvc - ok
15:40:49.0430 0x0224 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
15:40:49.0523 0x0224 hcw85cir - ok
15:40:49.0632 0x0224 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:40:49.0851 0x0224 HdAudAddService - ok
15:40:49.0913 0x0224 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
15:40:50.0022 0x0224 HDAudBus - ok
15:40:50.0116 0x0224 [ 5DC84FEF6A9050019678C30B1D01C8E8, 923B1CDAEDF153FA280EF301A8BEE0F44DF4B13716A8FE6B0785433F85884D6C ] HDDHealth C:\Program Files (x86)\HDD Health\HDDHealthService.exe
15:40:50.0163 0x0224 HDDHealth - detected UnsignedFile.Multi.Generic ( 1 )
15:40:52.0986 0x0224 Detect skipped due to KSN trusted
15:40:52.0986 0x0224 HDDHealth - ok
15:40:53.0033 0x0224 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
15:40:53.0142 0x0224 HidBatt - ok
15:40:53.0158 0x0224 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
15:40:53.0267 0x0224 HidBth - ok
15:40:53.0330 0x0224 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\DRIVERS\hidir.sys
15:40:53.0439 0x0224 HidIr - ok
15:40:53.0486 0x0224 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
15:40:53.0564 0x0224 hidserv - ok
15:40:53.0610 0x0224 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
15:40:53.0720 0x0224 HidUsb - ok
15:40:53.0782 0x0224 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
15:40:53.0922 0x0224 hkmsvc - ok
15:40:53.0969 0x0224 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:40:54.0016 0x0224 HomeGroupListener - ok
15:40:54.0094 0x0224 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:40:54.0156 0x0224 HomeGroupProvider - ok
15:40:54.0219 0x0224 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
15:40:54.0375 0x0224 HpSAMD - ok
15:40:54.0702 0x0224 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\windows\system32\drivers\HTTP.sys
15:40:54.0905 0x0224 HTTP - ok
15:40:54.0905 0x0224 huawei_enumerator - ok
15:40:54.0921 0x0224 hwdatacard - ok
15:40:54.0968 0x0224 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
15:40:55.0077 0x0224 hwpolicy - ok
15:40:55.0139 0x0224 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\drivers\i8042prt.sys
15:40:55.0248 0x0224 i8042prt - ok
15:40:55.0404 0x0224 [ A5F72BB0D024E7E463344105BE613AE4, 22B1DED17118C85ACC1F57996FA13428FFE8C96051FAF5212A7E37430F4C62E8 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
15:40:55.0623 0x0224 iaStor - ok
15:40:55.0794 0x0224 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
15:40:55.0904 0x0224 iaStorV - ok
15:40:56.0106 0x0224 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:56.0169 0x0224 idsvc - ok
15:40:56.0184 0x0224 IEEtwCollectorService - ok
15:40:57.0152 0x0224 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
15:40:57.0417 0x0224 igfx - ok
15:40:57.0744 0x0224 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
15:40:57.0838 0x0224 iirsp - ok
15:40:58.0088 0x0224 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
15:40:58.0197 0x0224 IKEEXT - ok
15:40:58.0275 0x0224 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
15:40:58.0431 0x0224 Impcd - ok
15:40:58.0961 0x0224 [ 801946CE25DD2179FE68599826B0BB88, 4C9D10303DF1EC005693DD28220A9C5B87DD32244112BA1F09D8AD0CF7D311DC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:40:59.0460 0x0224 IntcAzAudAddService - ok
15:40:59.0492 0x0224 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
15:40:59.0694 0x0224 intelide - ok
15:40:59.0788 0x0224 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
15:40:59.0897 0x0224 intelppm - ok
15:40:59.0913 0x0224 ioloSystemService - ok
15:40:59.0960 0x0224 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
15:41:00.0069 0x0224 IPBusEnum - ok
15:41:00.0209 0x0224 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
15:41:00.0334 0x0224 IpFilterDriver - ok
15:41:00.0537 0x0224 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
15:41:00.0584 0x0224 iphlpsvc - ok
15:41:00.0630 0x0224 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
15:41:00.0724 0x0224 IPMIDRV - ok
15:41:00.0771 0x0224 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
15:41:01.0114 0x0224 IPNAT - ok
15:41:01.0145 0x0224 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
15:41:01.0286 0x0224 IRENUM - ok
15:41:01.0317 0x0224 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
15:41:01.0457 0x0224 isapnp - ok
15:41:01.0613 0x0224 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
15:41:01.0722 0x0224 iScsiPrt - ok
15:41:01.0738 0x0224 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
15:41:01.0878 0x0224 kbdclass - ok
15:41:01.0925 0x0224 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
15:41:02.0112 0x0224 kbdhid - ok
15:41:02.0144 0x0224 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\windows\system32\lsass.exe
15:41:02.0175 0x0224 KeyIso - ok
15:41:02.0237 0x0224 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
15:41:02.0346 0x0224 KSecDD - ok
15:41:02.0409 0x0224 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
15:41:02.0518 0x0224 KSecPkg - ok
15:41:02.0549 0x0224 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
15:41:02.0690 0x0224 ksthunk - ok
15:41:03.0251 0x0224 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
15:41:03.0376 0x0224 KtmRm - ok
15:41:03.0423 0x0224 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
15:41:03.0516 0x0224 LanmanServer - ok
15:41:03.0563 0x0224 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:41:03.0657 0x0224 LanmanWorkstation - ok
15:41:03.0672 0x0224 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
15:41:03.0813 0x0224 lltdio - ok
15:41:04.0031 0x0224 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
15:41:04.0172 0x0224 lltdsvc - ok
15:41:04.0187 0x0224 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
15:41:04.0265 0x0224 lmhosts - ok
15:41:04.0312 0x0224 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
15:41:04.0484 0x0224 LSI_FC - ok
15:41:04.0515 0x0224 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
15:41:04.0624 0x0224 LSI_SAS - ok
15:41:04.0655 0x0224 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
15:41:04.0796 0x0224 LSI_SAS2 - ok
15:41:04.0827 0x0224 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
15:41:04.0983 0x0224 LSI_SCSI - ok
15:41:05.0076 0x0224 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
15:41:05.0264 0x0224 luafv - ok
15:41:05.0326 0x0224 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
15:41:05.0404 0x0224 Mcx2Svc - ok
15:41:05.0420 0x0224 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys
15:41:05.0529 0x0224 megasas - ok
15:41:05.0638 0x0224 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
15:41:05.0810 0x0224 MegaSR - ok
15:41:05.0872 0x0224 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
15:41:05.0966 0x0224 MMCSS - ok
15:41:05.0997 0x0224 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
15:41:06.0137 0x0224 Modem - ok
15:41:06.0184 0x0224 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
15:41:06.0496 0x0224 monitor - ok
15:41:06.0527 0x0224 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\drivers\mouclass.sys
15:41:06.0574 0x0224 mouclass - ok
15:41:06.0636 0x0224 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
15:41:06.0761 0x0224 mouhid - ok
15:41:06.0824 0x0224 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
15:41:06.0886 0x0224 mountmgr - ok
15:41:06.0980 0x0224 [ EB4B5C8AB9DA5585CCC975CD3D072115, BEED5B7478F92C9FB1BBB62FFCEB5321A5C12A7C1AA9B20151BF22064589CD46 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:41:07.0042 0x0224 MozillaMaintenance - ok
15:41:07.0214 0x0224 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
15:41:07.0338 0x0224 MpFilter - ok
15:41:07.0432 0x0224 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
15:41:07.0588 0x0224 mpio - ok
15:41:07.0635 0x0224 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
15:41:07.0775 0x0224 mpsdrv - ok
15:41:08.0072 0x0224 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
15:41:08.0165 0x0224 MpsSvc - ok
15:41:08.0228 0x0224 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
15:41:08.0306 0x0224 MRxDAV - ok
15:41:08.0836 0x0224 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
15:41:08.0976 0x0224 mrxsmb - ok
15:41:09.0054 0x0224 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
15:41:09.0210 0x0224 mrxsmb10 - ok
15:41:09.0242 0x0224 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
15:41:09.0335 0x0224 mrxsmb20 - ok
15:41:09.0444 0x0224 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
15:41:09.0538 0x0224 msahci - ok
15:41:09.0600 0x0224 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
15:41:09.0663 0x0224 msdsm - ok
15:41:09.0803 0x0224 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
15:41:09.0881 0x0224 MSDTC - ok
15:41:09.0975 0x0224 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
15:41:10.0115 0x0224 Msfs - ok
15:41:10.0146 0x0224 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
15:41:10.0271 0x0224 mshidkmdf - ok
15:41:10.0318 0x0224 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
15:41:10.0396 0x0224 msisadrv - ok
15:41:10.0458 0x0224 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
15:41:10.0552 0x0224 MSiSCSI - ok
15:41:10.0552 0x0224 msiserver - ok
15:41:10.0614 0x0224 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:41:10.0739 0x0224 MSKSSRV - ok
15:41:10.0864 0x0224 [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:41:10.0911 0x0224 MsMpSvc - ok
15:41:10.0926 0x0224 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:41:11.0098 0x0224 MSPCLOCK - ok
15:41:11.0114 0x0224 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:41:11.0270 0x0224 MSPQM - ok
15:41:11.0379 0x0224 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
15:41:11.0582 0x0224 MsRPC - ok
15:41:11.0628 0x0224 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
15:41:11.0738 0x0224 mssmbios - ok
15:41:11.0816 0x0224 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:41:11.0972 0x0224 MSTEE - ok
15:41:11.0987 0x0224 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
15:41:12.0096 0x0224 MTConfig - ok
15:41:12.0128 0x0224 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
15:41:12.0221 0x0224 Mup - ok
15:41:12.0408 0x0224 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
15:41:12.0486 0x0224 napagent - ok
15:41:12.0580 0x0224 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:41:12.0720 0x0224 NativeWifiP - ok
15:41:12.0986 0x0224 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\windows\system32\drivers\ndis.sys
15:41:13.0186 0x0224 NDIS - ok
15:41:13.0211 0x0224 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:41:13.0418 0x0224 NdisCap - ok
15:41:13.0472 0x0224 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:41:13.0592 0x0224 NdisTapi - ok
15:41:13.0643 0x0224 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:41:13.0816 0x0224 Ndisuio - ok
15:41:14.0168 0x0224 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:41:14.0397 0x0224 NdisWan - ok
15:41:14.0470 0x0224 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:41:14.0597 0x0224 NDProxy - ok
15:41:14.0639 0x0224 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:41:14.0819 0x0224 NetBIOS - ok
15:41:14.0870 0x0224 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:41:15.0029 0x0224 NetBT - ok
15:41:15.0056 0x0224 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\windows\system32\lsass.exe
15:41:15.0078 0x0224 Netlogon - ok
15:41:15.0190 0x0224 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
15:41:15.0306 0x0224 Netman - ok
15:41:15.0394 0x0224 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:15.0715 0x0224 NetMsmqActivator - ok
15:41:15.0723 0x0224 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:15.0749 0x0224 NetPipeActivator - ok
15:41:15.0797 0x0224 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
15:41:15.0879 0x0224 netprofm - ok
15:41:15.0936 0x0224 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:15.0955 0x0224 NetTcpActivator - ok
15:41:15.0979 0x0224 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:16.0002 0x0224 NetTcpPortSharing - ok
15:41:16.0054 0x0224 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
15:41:16.0141 0x0224 nfrd960 - ok
15:41:16.0204 0x0224 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
15:41:16.0297 0x0224 NisDrv - ok
15:41:16.0393 0x0224 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
15:41:16.0432 0x0224 NisSrv - ok
15:41:16.0549 0x0224 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\windows\System32\nlasvc.dll
15:41:16.0613 0x0224 NlaSvc - ok
15:41:16.0657 0x0224 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
15:41:16.0816 0x0224 Npfs - ok
15:41:16.0882 0x0224 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
15:41:17.0013 0x0224 nsi - ok
15:41:17.0062 0x0224 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:41:17.0193 0x0224 nsiproxy - ok
15:41:17.0753 0x0224 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:41:17.0959 0x0224 Ntfs - ok
15:41:18.0030 0x0224 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
15:41:18.0139 0x0224 Null - ok
15:41:18.0227 0x0224 [ 554964B900AE2954B8B589B6287034AC, C6C9EA3ADAFEBBF2AF944E4A0656BD795AD37706008CC0CA3F2150BD709476E7 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
15:41:18.0256 0x0224 NVHDA - ok
15:41:22.0779 0x0224 [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
15:41:23.0629 0x0224 nvlddmkm - ok
15:41:23.0710 0x0224 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
15:41:23.0818 0x0224 nvraid - ok
15:41:23.0911 0x0224 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
15:41:24.0020 0x0224 nvstor - ok
15:41:24.0281 0x0224 [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\windows\system32\nvvsvc.exe
15:41:24.0325 0x0224 nvsvc - ok
15:41:24.0600 0x064c Object required for P2P: [ 21144F53F79975801AB9A9A027707A85 ] avast! Firewall
15:41:24.0738 0x0224 [ C63E582366EAD77978BFFD959A66DBB8, BBAC11300AFED29291A08EEC8A740DA67C8C003AF89D06F9E0671CCF0E7908A0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:41:24.0808 0x0224 nvUpdatusService - ok
15:41:24.0847 0x0224 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:41:24.0930 0x0224 nv_agp - ok
15:41:25.0136 0x0224 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:41:25.0169 0x0224 odserv - ok
15:41:25.0216 0x0224 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:41:25.0748 0x0224 ohci1394 - ok
15:41:25.0837 0x0224 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:41:25.0871 0x0224 ose - ok
15:41:25.0999 0x0224 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:41:26.0069 0x0224 p2pimsvc - ok
15:41:26.0192 0x0224 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
15:41:26.0288 0x0224 p2psvc - ok
15:41:26.0335 0x0224 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\DRIVERS\parport.sys
15:41:26.0515 0x0224 Parport - ok
15:41:26.0587 0x0224 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
15:41:26.0668 0x0224 partmgr - ok
15:41:26.0774 0x0224 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\windows\System32\pcasvc.dll
15:41:26.0836 0x0224 PcaSvc - ok
15:41:26.0940 0x0224 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
15:41:27.0124 0x0224 pci - ok
15:41:27.0148 0x064c Object send P2P result: true
15:41:27.0163 0x0224 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
15:41:27.0267 0x0224 pciide - ok
15:41:27.0344 0x0224 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
15:41:27.0444 0x0224 pcmcia - ok
15:41:27.0475 0x0224 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
15:41:27.0571 0x0224 pcw - ok
15:41:27.0854 0x0224 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:41:27.0948 0x0224 PEAUTH - ok
15:41:30.0195 0x0224 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
15:41:30.0242 0x0224 PerfHost - ok
15:41:30.0540 0x0224 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
15:41:30.0669 0x0224 pla - ok
15:41:30.0758 0x0224 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:41:31.0563 0x0224 PlugPlay - ok
15:41:32.0229 0x0224 [ EDB407D1F55B9AA2FD2A718AF0EA89A3, 0E86BDD772CCF697E05F8F6F03EC35CBD66124A2A9803AE55C33DB022B7D2AE7 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
15:41:32.0339 0x0224 PMBDeviceInfoProvider - ok
15:41:32.0390 0x0224 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:41:32.0439 0x0224 PNRPAutoReg - ok
15:41:32.0505 0x0224 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:41:32.0532 0x0224 PNRPsvc - ok
15:41:32.0662 0x0224 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:41:32.0750 0x0224 PolicyAgent - ok
15:41:32.0830 0x0224 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
15:41:32.0935 0x0224 Power - ok
15:41:32.0991 0x0224 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:41:33.0081 0x0224 PptpMiniport - ok
15:41:33.0108 0x0224 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\DRIVERS\processr.sys
15:41:33.0198 0x0224 Processor - ok
15:41:33.0289 0x0224 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\windows\system32\profsvc.dll
15:41:33.0326 0x0224 ProfSvc - ok
15:41:33.0347 0x0224 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\windows\system32\lsass.exe
15:41:33.0367 0x0224 ProtectedStorage - ok
15:41:33.0448 0x0224 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:41:33.0547 0x0224 Psched - ok
15:41:33.0734 0x0224 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
15:41:33.0887 0x0224 ql2300 - ok
15:41:33.0940 0x0224 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
15:41:34.0045 0x0224 ql40xx - ok
15:41:34.0143 0x0224 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
15:41:34.0203 0x0224 QWAVE - ok
15:41:34.0233 0x0224 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:41:34.0371 0x0224 QWAVEdrv - ok
15:41:34.0395 0x0224 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:41:34.0567 0x0224 RasAcd - ok
15:41:34.0606 0x0224 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:41:34.0737 0x0224 RasAgileVpn - ok
15:41:34.0788 0x0224 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
15:41:34.0872 0x0224 RasAuto - ok
15:41:34.0926 0x0224 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:41:35.0096 0x0224 Rasl2tp - ok
15:41:35.0208 0x0224 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
15:41:35.0287 0x0224 RasMan - ok
15:41:35.0369 0x0224 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:41:35.0556 0x0224 RasPppoe - ok
15:41:35.0594 0x0224 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:41:35.0745 0x0224 RasSstp - ok
15:41:35.0779 0x0224 [ CE8517999196B6DDDC0E369CB5E35283, 22C32DAC8D470767674AE1F71BE3F77BFE60439EEC6F59100BFEA978F68447A9 ] RawDisk3 C:\windows\system32\drivers\rawdsk3.sys
15:41:35.0972 0x0224 RawDisk3 - ok
15:41:36.0097 0x0224 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:41:36.0431 0x0224 rdbss - ok
15:41:36.0481 0x0224 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
15:41:36.0569 0x0224 rdpbus - ok
15:41:36.0598 0x0224 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:41:36.0693 0x0224 RDPCDD - ok
15:41:36.0731 0x0224 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:41:36.0809 0x0224 RDPENCDD - ok
15:41:37.0084 0x0224 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:41:37.0181 0x0224 RDPREFMP - ok
15:41:37.0401 0x0224 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
15:41:37.0591 0x0224 RdpVideoMiniport - ok
15:41:37.0665 0x0224 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:41:37.0890 0x0224 RDPWD - ok
15:41:37.0981 0x0224 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:41:38.0077 0x0224 rdyboost - ok
15:41:38.0212 0x0224 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
15:41:38.0322 0x0224 RemoteAccess - ok
15:41:38.0447 0x0224 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:41:38.0546 0x0224 RemoteRegistry - ok
15:41:38.0648 0x0224 [ F85AE59A52885F4B09AADAFB23001A3B, CE722F19C0F916BC9EC1B7B28A479C71504190271B54B4B9ACA82922B484FEA0 ] Rezip C:\windows\SysWOW64\Rezip.exe
15:41:38.0700 0x0224 Rezip - detected UnsignedFile.Multi.Generic ( 1 )
15:41:41.0193 0x0224 Detect skipped due to KSN trusted
15:41:41.0193 0x0224 Rezip - ok
15:41:41.0279 0x0224 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:41:41.0470 0x0224 RFCOMM - ok
15:41:41.0715 0x0224 [ 7CCAEBCAB6FC1ED0206C07E083E79207, 40BFA1BEDFF093652279494EDD397FC094794B76916C2681D0544D6793314DFE ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:41:41.0747 0x0224 RichVideo - ok
15:41:41.0819 0x0224 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:41:41.0897 0x0224 RpcEptMapper - ok
15:41:41.0919 0x0224 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
15:41:41.0970 0x0224 RpcLocator - ok
15:41:42.0148 0x0224 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
15:41:42.0219 0x0224 RpcSs - ok
15:41:42.0298 0x0224 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:41:43.0106 0x0224 rspndr - ok
15:41:43.0143 0x0224 [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:41:43.0291 0x0224 RTL8167 - ok
15:41:43.0371 0x0224 [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport C:\windows\SysWOW64\drivers\rtport.sys
15:41:43.0515 0x0224 rtport - ok
15:41:43.0574 0x0224 [ A49CDA75F8E41F769D19E2669BD62B37, 768A7CAD039C0285191E9D20E36ED8B9A2009499D75888AD88418385B0B9E1AB ] S3XXx64 C:\windows\system32\DRIVERS\S3XXx64.sys
15:41:43.0707 0x0224 S3XXx64 - ok
15:41:43.0784 0x0224 [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\windows\system32\Drivers\SABI.sys
15:41:43.0989 0x0224 SABI - ok
15:41:44.0052 0x0224 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\windows\system32\lsass.exe
15:41:44.0073 0x0224 SamSs - ok
15:41:44.0190 0x0224 [ D641337B75B9A9D5AE10687AA1097755, 1495654D9090FDE04EF8605D1C8A4B0ACA1A50A4E0A992DE2F049CB8413E860C ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe
15:41:44.0220 0x0224 Samsung UPD Service - ok
15:41:44.0281 0x0224 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:41:44.0347 0x0224 sbp2port - ok
15:41:44.0456 0x0224 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
15:41:44.0568 0x0224 SCardSvr - ok
15:41:44.0625 0x0224 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:41:44.0748 0x0224 scfilter - ok
15:41:45.0189 0x0224 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\windows\system32\schedsvc.dll
15:41:45.0276 0x0224 Schedule - ok
15:41:45.0313 0x0224 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
15:41:45.0374 0x0224 SCPolicySvc - ok
15:41:45.0470 0x0224 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:41:45.0602 0x0224 SDRSVC - ok
15:41:45.0627 0x0224 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
15:41:45.0787 0x0224 secdrv - ok
15:41:45.0847 0x0224 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
15:41:45.0911 0x0224 seclogon - ok
15:41:45.0987 0x0224 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll
15:41:46.0085 0x0224 SENS - ok
15:41:46.0123 0x0224 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
15:41:46.0197 0x0224 SensrSvc - ok
15:41:46.0247 0x0224 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
15:41:46.0344 0x0224 Serenum - ok
15:41:46.0372 0x0224 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\DRIVERS\serial.sys
15:41:46.0449 0x0224 Serial - ok
15:41:46.0505 0x0224 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
15:41:46.0677 0x0224 sermouse - ok
15:41:46.0739 0x0224 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
15:41:46.0863 0x0224 SessionEnv - ok
15:41:46.0969 0x0224 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:41:47.0059 0x0224 sffdisk - ok
15:41:47.0076 0x0224 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:41:47.0151 0x0224 sffp_mmc - ok
15:41:47.0180 0x0224 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:41:47.0275 0x0224 sffp_sd - ok
15:41:47.0313 0x0224 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
15:41:47.0387 0x0224 sfloppy - ok
15:41:47.0591 0x0224 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
15:41:47.0689 0x0224 SharedAccess - ok
15:41:47.0910 0x0224 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:41:47.0989 0x0224 ShellHWDetection - ok
15:41:48.0029 0x0224 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
15:41:48.0111 0x0224 SiSRaid2 - ok
15:41:48.0442 0x0224 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
15:41:48.0578 0x0224 SiSRaid4 - ok
15:41:48.0744 0x0224 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:41:48.0783 0x0224 SkypeUpdate - ok
15:41:48.0807 0x0224 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:41:49.0014 0x0224 Smb - ok
15:41:49.0093 0x0224 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:41:49.0135 0x0224 SNMPTRAP - ok
15:41:49.0207 0x0224 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
15:41:49.0284 0x0224 spldr - ok
15:41:49.0472 0x0224 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
15:41:49.0554 0x0224 Spooler - ok
15:41:50.0990 0x0224 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
15:41:51.0953 0x0224 sppsvc - ok
15:41:52.0066 0x0224 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:41:52.0132 0x0224 sppuinotify - ok
15:41:52.0291 0x0224 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
15:41:52.0436 0x0224 srv - ok
15:41:52.0605 0x0224 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:41:52.0709 0x0224 srv2 - ok
15:41:52.0797 0x0224 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:41:53.0278 0x0224 srvnet - ok
15:41:53.0366 0x0224 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:41:53.0442 0x0224 SSDPSRV - ok
15:41:54.0396 0x0224 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
15:41:54.0561 0x0224 SstpSvc - ok
15:41:54.0611 0x0224 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
15:41:54.0703 0x0224 stexstor - ok
15:41:54.0864 0x0224 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
15:41:54.0936 0x0224 stisvc - ok
15:41:54.0988 0x0224 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\drivers\swenum.sys
15:41:55.0092 0x0224 swenum - ok
15:41:55.0226 0x0224 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
15:41:55.0323 0x0224 swprv - ok
15:41:55.0462 0x0224 [ 3C80203C725C28CEA5713D1AB242880A, 4056DD312C5DFDF52AA98C69964DB9F573717BF416150225F8EAB30518AE45E9 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
15:41:55.0542 0x0224 SynTP - ok
15:41:55.0912 0x0224 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\windows\system32\sysmain.dll
15:41:56.0044 0x0224 SysMain - ok
15:41:56.0162 0x0224 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
15:41:56.0223 0x0224 TabletInputService - ok
15:41:56.0303 0x0224 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
15:41:56.0521 0x0224 TapiSrv - ok
15:41:56.0560 0x0224 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
15:41:56.0676 0x0224 TBS - ok
15:41:57.0115 0x0224 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:41:57.0306 0x0224 Tcpip - ok
15:41:57.0876 0x0224 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:41:58.0000 0x0224 TCPIP6 - ok
15:41:58.0065 0x0224 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:41:58.0156 0x0224 tcpipreg - ok
15:41:58.0197 0x0224 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:41:58.0306 0x0224 TDPIPE - ok
15:41:58.0338 0x0224 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:41:58.0558 0x0224 TDTCP - ok
15:41:58.0616 0x0224 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:41:58.0760 0x0224 tdx - ok
15:41:58.0821 0x0224 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\drivers\termdd.sys
15:41:58.0884 0x0224 TermDD - ok
15:41:59.0013 0x0224 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\windows\System32\termsrv.dll
15:41:59.0103 0x0224 TermService - ok
15:41:59.0143 0x0224 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
15:41:59.0181 0x0224 Themes - ok
15:41:59.0243 0x0224 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
15:41:59.0318 0x0224 THREADORDER - ok
15:41:59.0371 0x0224 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
15:41:59.0470 0x0224 TrkWks - ok
15:42:00.0486 0x0224 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:42:00.0720 0x0224 TrustedInstaller - ok
15:42:00.0786 0x0224 [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:42:00.0876 0x0224 tssecsrv - ok
15:42:00.0951 0x0224 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:42:01.0063 0x0224 TsUsbFlt - ok
15:42:01.0113 0x0224 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:42:01.0258 0x0224 tunnel - ok
15:42:01.0283 0x0224 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
15:42:01.0399 0x0224 uagp35 - ok
15:42:01.0499 0x0224 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:42:01.0624 0x0224 udfs - ok
15:42:01.0690 0x0224 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
15:42:01.0749 0x0224 UI0Detect - ok
15:42:01.0799 0x0224 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:42:01.0856 0x0224 uliagpkx - ok
15:42:01.0880 0x0224 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\drivers\umbus.sys
15:42:01.0953 0x0224 umbus - ok
15:42:02.0017 0x0224 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys
15:42:02.0108 0x0224 UmPass - ok
15:42:02.0236 0x0224 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
15:42:02.0311 0x0224 upnphost - ok
15:42:02.0352 0x0224 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:42:02.0497 0x0224 usbccgp - ok
15:42:02.0541 0x0224 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
15:42:02.0636 0x0224 usbcir - ok
15:42:02.0699 0x0224 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
15:42:02.0803 0x0224 usbehci - ok
15:42:02.0950 0x0224 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:42:03.0042 0x0224 usbhub - ok
15:42:03.0088 0x0224 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
15:42:03.0170 0x0224 usbohci - ok
15:42:03.0206 0x0224 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:42:03.0324 0x0224 usbprint - ok
15:42:03.0375 0x0224 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
15:42:03.0490 0x0224 usbscan - ok
15:42:03.0574 0x0224 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:42:03.0703 0x0224 USBSTOR - ok
15:42:03.0742 0x0224 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:42:03.0892 0x0224 usbuhci - ok
15:42:03.0960 0x0224 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
15:42:04.0063 0x0224 usbvideo - ok
15:42:04.0126 0x0224 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
15:42:04.0204 0x0224 UxSms - ok
15:42:04.0252 0x0224 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\windows\system32\lsass.exe
15:42:04.0272 0x0224 VaultSvc - ok
15:42:04.0746 0x0224 VBoxAswDrv - ok
15:42:04.0771 0x0224 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:42:04.0887 0x0224 vdrvroot - ok
15:42:05.0092 0x0224 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
15:42:05.0155 0x0224 vds - ok
15:42:05.0216 0x0224 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:42:05.0300 0x0224 vga - ok
15:42:05.0325 0x0224 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
15:42:05.0430 0x0224 VgaSave - ok
15:42:05.0537 0x0224 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:42:05.0642 0x0224 vhdmp - ok
15:42:05.0721 0x0224 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
15:42:05.0787 0x0224 viaide - ok
15:42:06.0186 0x0224 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:42:06.0262 0x0224 volmgr - ok
15:42:06.0391 0x0224 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:42:06.0516 0x0224 volmgrx - ok
15:42:06.0688 0x0224 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys
15:42:06.0806 0x0224 volsnap - ok
15:42:06.0872 0x0224 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
15:42:07.0027 0x0224 vsmraid - ok
15:42:07.0375 0x0224 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
15:42:07.0494 0x0224 VSS - ok
15:42:07.0541 0x0224 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:42:07.0628 0x0224 vwifibus - ok
15:42:07.0676 0x0224 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:42:07.0772 0x0224 vwififlt - ok
15:42:07.0793 0x0224 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
15:42:07.0859 0x0224 vwifimp - ok
15:42:08.0003 0x0224 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
15:42:08.0084 0x0224 W32Time - ok
15:42:08.0125 0x0224 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
15:42:08.0217 0x0224 WacomPen - ok
15:42:08.0266 0x0224 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:42:09.0020 0x0224 WANARP - ok
15:42:09.0067 0x0224 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:42:09.0157 0x0224 Wanarpv6 - ok
15:42:10.0094 0x0224 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
15:42:10.0236 0x0224 wbengine - ok
15:42:10.0334 0x0224 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:42:10.0483 0x0224 WbioSrvc - ok
15:42:10.0696 0x0224 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
15:42:10.0850 0x0224 wcncsvc - ok
15:42:10.0879 0x0224 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:42:10.0945 0x0224 WcsPlugInService - ok
15:42:10.0966 0x0224 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys
15:42:11.0066 0x0224 Wd - ok
15:42:11.0680 0x0224 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:42:11.0942 0x0224 Wdf01000 - ok
15:42:12.0080 0x0224 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\windows\system32\wdi.dll
15:42:12.0157 0x0224 WdiServiceHost - ok
15:42:12.0164 0x0224 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\windows\system32\wdi.dll
15:42:12.0186 0x0224 WdiSystemHost - ok
15:42:12.0625 0x0224 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\windows\System32\webclnt.dll
15:42:12.0683 0x0224 WebClient - ok
15:42:12.0811 0x0224 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
15:42:12.0873 0x0224 Wecsvc - ok
15:42:12.0928 0x0224 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:42:13.0011 0x0224 wercplsupport - ok
15:42:13.0072 0x0224 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
15:42:13.0165 0x0224 WerSvc - ok
15:42:13.0223 0x0224 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
15:42:13.0291 0x0224 WfpLwf - ok
15:42:13.0307 0x0224 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
15:42:13.0381 0x0224 WIMMount - ok
15:42:13.0432 0x0224 WinDefend - ok
15:42:13.0444 0x0224 WinHttpAutoProxySvc - ok
15:42:13.0731 0x0224 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:42:13.0817 0x0224 Winmgmt - ok
15:42:13.0974 0x0224 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll
15:42:14.0100 0x0224 WinRM - ok
15:42:14.0175 0x0224 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\drivers\WinUsb.sys
15:42:14.0294 0x0224 WinUsb - ok
15:42:14.0560 0x0224 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
15:42:14.0644 0x0224 Wlansvc - ok
15:42:14.0679 0x0224 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
15:42:14.0945 0x0224 WmiAcpi - ok
15:42:15.0057 0x0224 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
15:42:15.0099 0x0224 wmiApSrv - ok
15:42:15.0182 0x0224 WMPNetworkSvc - ok
15:42:15.0220 0x0224 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
15:42:15.0275 0x0224 WPCSvc - ok
15:42:15.0359 0x0224 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
15:42:15.0400 0x0224 WPDBusEnum - ok
15:42:15.0450 0x0224 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
15:42:15.0596 0x0224 ws2ifsl - ok
15:42:15.0633 0x0224 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
15:42:15.0677 0x0224 wscsvc - ok
15:42:15.0681 0x0224 WSearch - ok
15:42:16.0783 0x0224 [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv C:\windows\system32\wuaueng.dll
15:42:17.0409 0x0224 wuauserv - ok
15:42:17.0586 0x0224 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
15:42:17.0695 0x0224 WudfPf - ok
15:42:17.0746 0x0224 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
15:42:17.0914 0x0224 WUDFRd - ok
15:42:17.0959 0x0224 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
15:42:18.0024 0x0224 wudfsvc - ok
15:42:18.0092 0x0224 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
15:42:18.0149 0x0224 WwanSvc - ok
15:42:18.0295 0x0224 [ 64F88AF327AA74E03658AE32B48CCB8B, 52C8941D96F2EF89BBC4A4268DC59E5BC89AE2DAB199C13BBFF11C2606BE7FFA ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
15:42:18.0505 0x0224 yukonw7 - ok
15:42:18.0531 0x0224 ================ Scan global ===============================
15:42:18.0692 0x0224 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\windows\system32\basesrv.dll
15:42:18.0788 0x0224 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\windows\system32\winsrv.dll
15:42:18.0865 0x0224 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\windows\system32\winsrv.dll
15:42:18.0928 0x0224 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
15:42:19.0068 0x0224 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
15:42:19.0088 0x0224 [ Global ] - ok
15:42:19.0089 0x0224 ================ Scan MBR ==================================
15:42:19.0126 0x0224 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
15:42:20.0385 0x0224 \Device\Harddisk0\DR0 - ok
15:42:20.0386 0x0224 ================ Scan VBR ==================================
15:42:20.0414 0x0224 [ 377D7E08FDF136635779511095F2CA43 ] \Device\Harddisk0\DR0\Partition1
15:42:20.0445 0x0224 \Device\Harddisk0\DR0\Partition1 - ok
15:42:20.0553 0x0224 [ 329235B48ED6F1B9BCBC5415E3C9E077 ] \Device\Harddisk0\DR0\Partition2
15:42:20.0564 0x0224 \Device\Harddisk0\DR0\Partition2 - ok
15:42:20.0621 0x0224 [ BED35CDF781A42631F46DEE1922B75C1 ] \Device\Harddisk0\DR0\Partition3
15:42:20.0651 0x0224 \Device\Harddisk0\DR0\Partition3 - ok
15:42:20.0652 0x0224 ================ Scan generic autorun ======================
15:42:22.0783 0x0224 [ 1E1FDBB3DF6EAE61984AEBC213271175, FA92FD4BBC60A3795FCAC90EC8A64A10E8C665A22B4B40F531685A043642C11E ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:42:23.0407 0x0224 RtHDVCpl - ok
15:42:23.0419 0x0224 SynTPEnh - ok
15:42:23.0792 0x0224 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe
15:42:23.0874 0x0224 MSC - ok
15:42:24.0961 0x0224 [ 4AAC19F22922CF81EA13E3BF610618DC, 897B027FBDBE507FDC5F624B0083BE79EE09080217EF02EAFB4CDD50DFB623D7 ] C:\Program Files (x86)\CHIPDRIVE\CHIPDRIVE MyKey\MyKey\MyKey.exe
15:42:25.0201 0x0224 MyKey - ok
15:42:26.0822 0x0224 [ 8A312D5764B4FC4C55CEDDEED4652CF1, C4E726C9C77614CD32D5B76DA2E9A049EC490C2392D9A94B84712BCBF47BA7C6 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:42:27.0022 0x0224 AvastUI.exe - ok
15:42:27.0333 0x0224 [ E9C15F5EBCA836E50ACE2DA57BFA53B7, F28CBD3AD4D887CB72BED605716E130B276A0D194B94AEEF12054420E8325B31 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:42:27.0385 0x0224 SunJavaUpdateSched - ok
15:42:27.0815 0x0224 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:42:27.0883 0x0224 Sidebar - ok
15:42:27.0933 0x0224 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:42:28.0014 0x0224 mctadmin - ok
15:42:28.0690 0x0224 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:42:28.0741 0x0224 Sidebar - ok
15:42:28.0775 0x0224 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:42:28.0800 0x0224 mctadmin - ok
15:42:29.0130 0x0224 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Hans\AppData\Local\Dropbox\Update\DropboxUpdate.exe
15:42:29.0163 0x0224 Dropbox Update - ok
15:42:29.0628 0x0224 [ 2287DAEA100837E40232FD9053F635D8, 8E905B8BC72F8DD6C7C71A7E04CD8D8EC1E9AD2B77EF5A48E089E439A75043D6 ] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE
15:42:29.0675 0x0224 EPLTarget\P0000000000000000 - ok
15:42:29.0839 0x0224 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:42:29.0890 0x0224 Sidebar - ok
15:42:29.0906 0x0224 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:42:29.0932 0x0224 mctadmin - ok
15:42:29.0932 0x0224 Waiting for KSN requests completion. In queue: 13
15:42:30.0932 0x0224 Waiting for KSN requests completion. In queue: 13
15:42:31.0932 0x0224 Waiting for KSN requests completion. In queue: 13
15:42:32.0402 0x0ccc Object required for P2P: [ 8A312D5764B4FC4C55CEDDEED4652CF1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:42:32.0932 0x0224 Waiting for KSN requests completion. In queue: 10
15:42:33.0932 0x0224 Waiting for KSN requests completion. In queue: 10
15:42:34.0933 0x0224 Waiting for KSN requests completion. In queue: 10
15:42:34.0982 0x0ccc Object send P2P result: true
15:42:35.0953 0x0224 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
15:42:36.0371 0x0224 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41000 ( enabled : updated )
15:42:36.0375 0x0224 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2245.1540 ), 0x41010 ( enabled )
15:42:38.0836 0x0224 ============================================================
15:42:38.0836 0x0224 Scan finished
15:42:38.0836 0x0224 ============================================================
15:42:38.0856 0x1b0c Detected object count: 0
15:42:38.0856 0x1b0c Actual detected object count: 0
|
|
24.12.2015, 17:04
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit in syswow64 Auf dem Briefmarkenbild kann wer etwas erkennen?  Wieso postest du nicht einfach die komplette Meldung von Avast, warum so umstöndlich?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.12.2015, 19:54
| #5 |
| | Rootkit in syswow64 Komisch. war eigentlich verlinkt als klickbares Bild, um es zu vergrössern. Hier nochmal (einen log als .txt file hab ich im AVAST nicht gefunden, sonst hätt ich es geschickt):  |
|
25.12.2015, 00:33
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit in syswow64 Danke, das ist wirklich besser! Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Rootkit in syswow64 |
|
25.12.2015, 15:33
| #7 |
| | Rootkit in syswow64 Anbei der log von mbam. Es wurde nichts gefunden: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2015.12.25.03
rootkit: v2015.12.18.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Hans :: LAPTOP [administrator]
25.12.2015 12:29:00
mbar-log-2015-12-25 (12-29-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 399229
Time elapsed: 53 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
26.12.2015, 23:33
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rootkit in syswow64 Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Rootkit in syswow64 |
| antivirus, defender, desktop, device driver, dnsapi.dll, downloadprotect, excel, firefox, flash player, google, home, homepage, installation, mozilla, onedrive, port, prozesse, realtek, registry, rootkit, scan, security, services.exe, software, starten, svchost.exe, system, udp, windows |
Linear-Darstellung
