Log analysis and evaluation: Windows 7 Trojan.KD.1998
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
25.01.2016, 15:59 | #1 |
| Windows 7 Trojan.KD.1998 Hello everyone, my PC had been unusually slow, so I tried to find out the cause. I ran a scan with Panda Security and one with Malwarebytes Anti-Malware. Neither found anything. After that I scanned the system with Bitdefender for Linux from an Ubuntu live USB. Bitdefender found a file with the name: Trojan.KD.1998. All attempts to disinfect the file or move it to quarantine failed. I therefore reinstalled Win7. Now the PC is extremely slow and I am not sure whether the source of danger has been eliminated, since my laptop might also be infected. Regards, shaikan It would be very nice if someone could help me. |
25.01.2016, 19:05 | #2 |
/// TB Trainer | Windows 7 Trojan.KD.1998 My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after the other in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! For the first analysis, please run FRST and TDSS-Killer: Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file on your desktop
Please post with your next reply
|
25.01.2016, 20:19 | #3 |
| Windows 7 Trojan.KD.1998 So, here is the log file from TDSSKILLER
Code:
20:17:12.0460 0x0c64 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
20:17:16.0797 0x0c64 ============================================================
20:17:16.0797 0x0c64 Current date / time: 2016/01/25 20:17:16.0797
20:17:16.0797 0x0c64 SystemInfo:
20:17:16.0797 0x0c64
20:17:16.0797 0x0c64 OS Version: 6.1.7601 ServicePack: 1.0
20:17:16.0797 0x0c64 Product type: Workstation
20:17:16.0797 0x0c64 ComputerName: JIMMY
20:17:16.0797 0x0c64 UserName: Kevin Koch
20:17:16.0797 0x0c64 Windows directory: C:\Windows
20:17:16.0797 0x0c64 System windows directory: C:\Windows
20:17:16.0797 0x0c64 Running under WOW64
20:17:16.0797 0x0c64 Processor architecture: Intel x64
20:17:16.0797 0x0c64 Number of processors: 8
20:17:16.0797 0x0c64 Page size: 0x1000
20:17:16.0797 0x0c64 Boot type: Normal boot
20:17:16.0797 0x0c64 ============================================================
20:17:18.0388 0x0c64 KLMD registered as C:\Windows\system32\drivers\35407639.sys
20:17:18.0669 0x0c64 System UUID: {6ECEF5F2-89F2-145F-B472-9D58293B41F8}
20:17:19.0215 0x0c64 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:17:19.0230 0x0c64 ============================================================
20:17:19.0230 0x0c64 \Device\Harddisk0\DR0:
20:17:19.0230 0x0c64 MBR partitions:
20:17:19.0230 0x0c64 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:17:19.0230 0x0c64 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:17:19.0230 0x0c64 ============================================================
20:17:19.0246 0x0c64 C: <-> \Device\Harddisk0\DR0\Partition2
20:17:19.0246 0x0c64 ============================================================
20:17:19.0246 0x0c64 Initialize success
20:17:19.0246 0x0c64 ============================================================
============================================================ 20:17:25.0782 0x1280 Scan started 20:17:25.0782 0x1280 Mode: Manual; SigCheck; TDLFS; 20:17:25.0782 0x1280 ============================================================ 20:17:25.0782 0x1280 KSN ping started 20:17:28.0247 0x1280 KSN ping finished: true 20:17:29.0308 0x1280 ================ Scan system memory ======================== 20:17:29.0308 0x1280 System memory - ok 20:17:29.0308 0x1280 ================ Scan services ============================= 20:17:29.0480 0x1280 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:17:29.0620 0x1280 1394ohci - ok 20:17:29.0667 0x1280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:17:29.0682 0x1280 ACPI - ok 20:17:29.0714 0x1280 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:17:29.0745 0x1280 AcpiPmi - ok 20:17:29.0792 0x1280 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:17:29.0823 0x1280 adp94xx - ok 20:17:29.0870 0x1280 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:17:29.0870 0x1280 adpahci - ok 20:17:29.0901 0x1280 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:17:29.0916 0x1280 adpu320 - ok 20:17:29.0932 0x1280 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:17:29.0948 0x1280 AeLookupSvc - ok 20:17:29.0994 0x1280 [ 
9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys 20:17:30.0010 0x1280 AFD - ok 20:17:30.0057 0x1280 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 20:17:30.0057 0x1280 agp440 - ok 20:17:30.0088 0x1280 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 20:17:30.0104 0x1280 ALG - ok 20:17:30.0135 0x1280 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 20:17:30.0150 0x1280 aliide - ok 20:17:30.0197 0x1280 [ 606C8F129FE18D6E3EA2FD542D43D72D, 1BDB9B1C3C8345429FFF25189DCA16F4174F29B5C5DFD5AEB5C277CD4E6EBCA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:17:30.0228 0x1280 AMD External Events Utility - ok 20:17:30.0244 0x1280 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 20:17:30.0260 0x1280 amdide - ok 20:17:30.0291 0x1280 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:17:30.0291 0x1280 AmdK8 - ok 20:17:30.0322 0x1280 amdkmdag - ok 20:17:30.0400 0x1280 [ C0C27A1094F6EA978FB2CAACFDE0E594, 9B481D55ED3D55A975CB1EB32DD0DB9AD032D592585A5799F81918EFB7843AAE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:17:30.0431 0x1280 amdkmdap - ok 20:17:30.0462 0x1280 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:17:30.0478 0x1280 AmdPPM - ok 20:17:30.0509 0x1280 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata 
C:\Windows\system32\drivers\amdsata.sys 20:17:30.0509 0x1280 amdsata - ok 20:17:30.0556 0x1280 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:17:30.0572 0x1280 amdsbs - ok 20:17:30.0587 0x1280 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:17:30.0587 0x1280 amdxata - ok 20:17:30.0618 0x1280 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys 20:17:30.0618 0x1280 AppID - ok 20:17:30.0650 0x1280 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:17:30.0665 0x1280 AppIDSvc - ok 20:17:30.0696 0x1280 [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll 20:17:30.0712 0x1280 Appinfo - ok 20:17:30.0743 0x1280 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 20:17:30.0743 0x1280 arc - ok 20:17:30.0759 0x1280 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:17:30.0759 0x1280 arcsas - ok 20:17:30.0852 0x1280 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:17:30.0868 0x1280 aspnet_state - ok 20:17:30.0884 0x1280 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:17:30.0915 0x1280 AsyncMac - ok 20:17:30.0930 0x1280 [ 02062C0B390B7729EDC9E69C680A6F3C, 
0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 20:17:30.0946 0x1280 atapi - ok 20:17:30.0977 0x1280 [ 80AA9265E820A8667EDEF731E31335B6, 549DC0BCF988F25CF3F89A784DC9B97C6D4DF697302F5CF467EFA2B816991A52 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:17:30.0977 0x1280 AtiHDAudioService - ok 20:17:31.0040 0x1280 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:17:31.0071 0x1280 AudioEndpointBuilder - ok 20:17:31.0086 0x1280 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:17:31.0118 0x1280 AudioSrv - ok 20:17:31.0133 0x1280 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:17:31.0149 0x1280 AxInstSV - ok 20:17:31.0196 0x1280 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:17:31.0211 0x1280 b06bdrv - ok 20:17:31.0258 0x1280 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:17:31.0274 0x1280 b57nd60a - ok 20:17:31.0320 0x1280 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 20:17:31.0336 0x1280 BDESVC - ok 20:17:31.0367 0x1280 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 20:17:31.0383 0x1280 Beep - ok 20:17:31.0430 0x1280 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 20:17:31.0461 0x1280 BFE - ok 
20:17:31.0508 0x1280 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 20:17:31.0539 0x1280 BITS - ok 20:17:31.0554 0x1280 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:17:31.0570 0x1280 blbdrive - ok 20:17:31.0601 0x1280 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:17:31.0617 0x1280 bowser - ok 20:17:31.0632 0x1280 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:17:31.0648 0x1280 BrFiltLo - ok 20:17:31.0648 0x1280 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:17:31.0648 0x1280 BrFiltUp - ok 20:17:31.0695 0x1280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 20:17:31.0726 0x1280 Browser - ok 20:17:31.0757 0x1280 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:17:31.0773 0x1280 Brserid - ok 20:17:31.0788 0x1280 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:17:31.0804 0x1280 BrSerWdm - ok 20:17:31.0804 0x1280 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:17:31.0820 0x1280 BrUsbMdm - ok 20:17:31.0820 0x1280 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer 
C:\Windows\System32\Drivers\BrUsbSer.sys 20:17:31.0835 0x1280 BrUsbSer - ok 20:17:31.0835 0x1280 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:17:31.0851 0x1280 BTHMODEM - ok 20:17:31.0866 0x1280 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 20:17:31.0898 0x1280 bthserv - ok 20:17:31.0913 0x1280 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:17:31.0944 0x1280 cdfs - ok 20:17:31.0976 0x1280 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:17:31.0976 0x1280 cdrom - ok 20:17:32.0007 0x1280 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:17:32.0038 0x1280 CertPropSvc - ok 20:17:32.0054 0x1280 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:17:32.0069 0x1280 circlass - ok 20:17:32.0100 0x1280 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 20:17:32.0116 0x1280 CLFS - ok 20:17:32.0178 0x1280 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:17:32.0178 0x1280 clr_optimization_v2.0.50727_32 - ok 20:17:32.0194 0x1280 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:17:32.0194 0x1280 
clr_optimization_v2.0.50727_64 - ok 20:17:32.0256 0x1280 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:17:32.0288 0x1280 clr_optimization_v4.0.30319_32 - ok 20:17:32.0303 0x1280 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:17:32.0319 0x1280 clr_optimization_v4.0.30319_64 - ok 20:17:32.0350 0x1280 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:17:32.0366 0x1280 CmBatt - ok 20:17:32.0381 0x1280 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:17:32.0381 0x1280 cmdide - ok 20:17:32.0444 0x1280 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys 20:17:32.0475 0x1280 CNG - ok 20:17:32.0490 0x1280 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:17:32.0506 0x1280 Compbatt - ok 20:17:32.0537 0x1280 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:17:32.0553 0x1280 CompositeBus - ok 20:17:32.0568 0x1280 COMSysApp - ok 20:17:32.0600 0x1280 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:17:32.0600 0x1280 crcdisk - ok 20:17:32.0646 0x1280 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 20:17:32.0678 0x1280 CryptSvc - ok 20:17:32.0724 0x1280 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:17:32.0756 0x1280 DcomLaunch - ok 20:17:32.0787 0x1280 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:17:32.0802 0x1280 defragsvc - ok 20:17:32.0834 0x1280 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:17:32.0849 0x1280 DfsC - ok 20:17:32.0896 0x1280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:17:32.0912 0x1280 Dhcp - ok 20:17:33.0005 0x1280 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll 20:17:33.0036 0x1280 DiagTrack - ok 20:17:33.0052 0x1280 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:17:33.0099 0x1280 discache - ok 20:17:33.0114 0x1280 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:17:33.0130 0x1280 Disk - ok 20:17:33.0161 0x1280 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:17:33.0161 0x1280 Dnscache - ok 20:17:33.0192 0x1280 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:17:33.0208 0x1280 dot3svc - ok 20:17:33.0239 0x1280 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] 
DPS C:\Windows\system32\dps.dll 20:17:33.0255 0x1280 DPS - ok 20:17:33.0286 0x1280 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:17:33.0286 0x1280 drmkaud - ok 20:17:33.0364 0x1280 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:17:33.0380 0x1280 DXGKrnl - ok 20:17:33.0411 0x1280 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:17:33.0426 0x1280 EapHost - ok 20:17:33.0505 0x1280 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:17:33.0568 0x1280 ebdrv - ok 20:17:33.0599 0x1280 [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] EFS C:\Windows\System32\lsass.exe 20:17:33.0615 0x1280 EFS - ok 20:17:33.0677 0x1280 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:17:33.0708 0x1280 ehRecvr - ok 20:17:33.0739 0x1280 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:17:33.0739 0x1280 ehSched - ok 20:17:33.0786 0x1280 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:17:33.0817 0x1280 elxstor - ok 20:17:33.0849 0x1280 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:17:33.0849 0x1280 ErrDev - ok 20:17:33.0895 0x1280 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem 
C:\Windows\system32\es.dll 20:17:33.0942 0x1280 EventSystem - ok 20:17:33.0958 0x1280 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:17:33.0989 0x1280 exfat - ok 20:17:33.0989 0x1280 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:17:34.0020 0x1280 fastfat - ok 20:17:34.0067 0x1280 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:17:34.0098 0x1280 Fax - ok 20:17:34.0114 0x1280 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:17:34.0114 0x1280 fdc - ok 20:17:34.0145 0x1280 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:17:34.0176 0x1280 fdPHost - ok 20:17:34.0192 0x1280 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:17:34.0223 0x1280 FDResPub - ok 20:17:34.0239 0x1280 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:17:34.0254 0x1280 FileInfo - ok 20:17:34.0254 0x1280 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:17:34.0270 0x1280 Filetrace - ok 20:17:34.0301 0x1280 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:17:34.0317 0x1280 flpydisk - ok 20:17:34.0332 0x1280 [ DA6B67270FD9DB3697B20FCE94950741, 
F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:17:34.0348 0x1280 FltMgr - ok 20:17:34.0395 0x1280 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll 20:17:34.0426 0x1280 FontCache - ok 20:17:34.0473 0x1280 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:17:34.0488 0x1280 FontCache3.0.0.0 - ok 20:17:34.0504 0x1280 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:17:34.0519 0x1280 FsDepends - ok 20:17:34.0551 0x1280 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:17:34.0551 0x1280 Fs_Rec - ok 20:17:34.0597 0x1280 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:17:34.0613 0x1280 fvevol - ok 20:17:34.0660 0x1280 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:17:34.0660 0x1280 gagp30kx - ok 20:17:34.0738 0x1280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:17:34.0785 0x1280 gpsvc - ok 20:17:34.0800 0x1280 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:17:34.0816 0x1280 hcw85cir - ok 20:17:34.0847 0x1280 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 20:17:34.0878 0x1280 HdAudAddService - ok 20:17:34.0909 0x1280 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:17:34.0925 0x1280 HDAudBus - ok 20:17:34.0941 0x1280 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:17:34.0956 0x1280 HidBatt - ok 20:17:34.0972 0x1280 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:17:34.0987 0x1280 HidBth - ok 20:17:35.0003 0x1280 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:17:35.0019 0x1280 HidIr - ok 20:17:35.0050 0x1280 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 20:17:35.0081 0x1280 hidserv - ok 20:17:35.0112 0x1280 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:17:35.0112 0x1280 HidUsb - ok 20:17:35.0143 0x1280 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:17:35.0159 0x1280 hkmsvc - ok 20:17:35.0190 0x1280 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:17:35.0206 0x1280 HomeGroupListener - ok 20:17:35.0237 0x1280 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:17:35.0253 0x1280 HomeGroupProvider - ok 20:17:35.0268 0x1280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, 
C:\Windows\system32\sppuinotify.dll 20:17:44.0129 0x1280 sppuinotify - ok 20:17:44.0160 0x1280 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:17:44.0176 0x1280 srv - ok 20:17:44.0191 0x1280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:17:44.0207 0x1280 srv2 - ok 20:17:44.0223 0x1280 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:17:44.0223 0x1280 srvnet - ok 20:17:44.0254 0x1280 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:17:44.0269 0x1280 SSDPSRV - ok 20:17:44.0269 0x1280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:17:44.0301 0x1280 SstpSvc - ok 20:17:44.0316 0x1280 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:17:44.0332 0x1280 stexstor - ok 20:17:44.0379 0x1280 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 20:17:44.0410 0x1280 stisvc - ok 20:17:44.0441 0x1280 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 20:17:44.0441 0x1280 swenum - ok 20:17:44.0472 0x1280 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 20:17:44.0503 0x1280 swprv - ok 20:17:44.0566 0x1280 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain 
C:\Windows\system32\sysmain.dll 20:17:44.0613 0x1280 SysMain - ok 20:17:44.0628 0x1280 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:17:44.0644 0x1280 TabletInputService - ok 20:17:44.0659 0x1280 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 20:17:44.0691 0x1280 TapiSrv - ok 20:17:44.0722 0x1280 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 20:17:44.0737 0x1280 TBS - ok 20:17:44.0831 0x1280 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:17:44.0862 0x1280 Tcpip - ok 20:17:44.0925 0x1280 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:17:44.0971 0x1280 TCPIP6 - ok 20:17:44.0987 0x1280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:17:45.0003 0x1280 tcpipreg - ok 20:17:45.0018 0x1280 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:17:45.0034 0x1280 TDPIPE - ok 20:17:45.0065 0x1280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:17:45.0065 0x1280 TDTCP - ok 20:17:45.0096 0x1280 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:17:45.0112 0x1280 tdx - ok 20:17:45.0127 0x1280 [ 561E7E1F06895D78DE991E01DD0FB6E5, 
83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 20:17:45.0127 0x1280 TermDD - ok 20:17:45.0174 0x1280 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 20:17:45.0190 0x1280 TermService - ok 20:17:45.0205 0x1280 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 20:17:45.0221 0x1280 Themes - ok 20:17:45.0237 0x1280 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 20:17:45.0252 0x1280 THREADORDER - ok 20:17:45.0346 0x1280 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 20:17:45.0377 0x1280 TrkWks - ok 20:17:45.0424 0x1280 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:17:45.0486 0x1280 TrustedInstaller - ok 20:17:45.0502 0x1280 [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:17:45.0517 0x1280 tssecsrv - ok 20:17:45.0564 0x1280 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:17:45.0580 0x1280 TsUsbFlt - ok 20:17:45.0627 0x1280 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:17:45.0673 0x1280 tunnel - ok 20:17:45.0689 0x1280 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:17:45.0705 0x1280 uagp35 - 
ok 20:17:45.0736 0x1280 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:17:45.0783 0x1280 udfs - ok 20:17:45.0798 0x1280 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:17:45.0798 0x1280 UI0Detect - ok 20:17:45.0829 0x1280 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:17:45.0829 0x1280 uliagpkx - ok 20:17:45.0861 0x1280 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys 20:17:45.0861 0x1280 umbus - ok 20:17:45.0876 0x1280 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:17:45.0892 0x1280 UmPass - ok 20:17:45.0907 0x1280 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 20:17:45.0970 0x1280 upnphost - ok 20:17:46.0017 0x1280 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 20:17:46.0032 0x1280 usbccgp - ok 20:17:46.0063 0x1280 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:17:46.0079 0x1280 usbcir - ok 20:17:46.0095 0x1280 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:17:46.0110 0x1280 usbehci - ok 20:17:46.0126 0x1280 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub 
C:\Windows\system32\DRIVERS\usbhub.sys 20:17:46.0141 0x1280 usbhub - ok 20:17:46.0157 0x1280 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:17:46.0157 0x1280 usbohci - ok 20:17:46.0188 0x1280 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:17:46.0204 0x1280 usbprint - ok 20:17:46.0219 0x1280 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 20:17:46.0219 0x1280 USBSTOR - ok 20:17:46.0251 0x1280 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:17:46.0266 0x1280 usbuhci - ok 20:17:46.0282 0x1280 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 20:17:46.0329 0x1280 UxSms - ok 20:17:46.0344 0x1280 [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] VaultSvc C:\Windows\system32\lsass.exe 20:17:46.0360 0x1280 VaultSvc - ok 20:17:46.0360 0x1280 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:17:46.0375 0x1280 vdrvroot - ok 20:17:46.0407 0x1280 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 20:17:46.0438 0x1280 vds - ok 20:17:46.0453 0x1280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:17:46.0469 0x1280 vga - ok 20:17:46.0485 0x1280 [ 53E92A310193CB3C03BEA963DE7D9CFC, 
45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:17:46.0500 0x1280 VgaSave - ok 20:17:46.0516 0x1280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:17:46.0531 0x1280 vhdmp - ok 20:17:46.0578 0x1280 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 20:17:46.0594 0x1280 viaide - ok 20:17:46.0609 0x1280 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:17:46.0625 0x1280 volmgr - ok 20:17:46.0656 0x1280 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:17:46.0687 0x1280 volmgrx - ok 20:17:46.0719 0x1280 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:17:46.0750 0x1280 volsnap - ok 20:17:46.0781 0x1280 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:17:46.0797 0x1280 vsmraid - ok 20:17:46.0859 0x1280 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 20:17:46.0906 0x1280 VSS - ok 20:17:46.0906 0x1280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:17:46.0921 0x1280 vwifibus - ok 20:17:46.0953 0x1280 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 20:17:46.0984 0x1280 W32Time - ok 20:17:46.0999 0x1280 [ 
4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:17:46.0999 0x1280 WacomPen - ok 20:17:47.0031 0x1280 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:17:47.0077 0x1280 WANARP - ok 20:17:47.0093 0x1280 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:17:47.0109 0x1280 Wanarpv6 - ok 20:17:47.0155 0x1280 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 20:17:47.0187 0x1280 wbengine - ok 20:17:47.0218 0x1280 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:17:47.0249 0x1280 WbioSrvc - ok 20:17:47.0296 0x1280 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:17:47.0311 0x1280 wcncsvc - ok 20:17:47.0343 0x1280 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:17:47.0358 0x1280 WcsPlugInService - ok 20:17:47.0374 0x1280 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:17:47.0389 0x1280 Wd - ok 20:17:47.0421 0x1280 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:17:47.0452 0x1280 Wdf01000 - ok 20:17:47.0467 0x1280 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 
20:17:47.0483 0x1280 WdiServiceHost - ok 20:17:47.0483 0x1280 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:17:47.0499 0x1280 WdiSystemHost - ok 20:17:47.0514 0x1280 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 20:17:47.0530 0x1280 WebClient - ok 20:17:47.0561 0x1280 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:17:47.0592 0x1280 Wecsvc - ok 20:17:47.0608 0x1280 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:17:47.0623 0x1280 wercplsupport - ok 20:17:47.0655 0x1280 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 20:17:47.0686 0x1280 WerSvc - ok 20:17:47.0701 0x1280 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:17:47.0717 0x1280 WfpLwf - ok 20:17:47.0733 0x1280 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:17:47.0733 0x1280 WIMMount - ok 20:17:47.0764 0x1280 WinDefend - ok 20:17:47.0764 0x1280 WinHttpAutoProxySvc - ok 20:17:47.0811 0x1280 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:17:47.0857 0x1280 Winmgmt - ok 20:17:47.0935 0x1280 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 20:17:47.0967 0x1280 WinRM - ok 20:17:48.0029 0x1280 [ 
4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:17:48.0060 0x1280 Wlansvc - ok 20:17:48.0091 0x1280 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:17:48.0107 0x1280 WmiAcpi - ok 20:17:48.0138 0x1280 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:17:48.0154 0x1280 wmiApSrv - ok 20:17:48.0201 0x1280 WMPNetworkSvc - ok 20:17:48.0216 0x1280 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:17:48.0247 0x1280 WPCSvc - ok 20:17:48.0263 0x1280 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:17:48.0294 0x1280 WPDBusEnum - ok 20:17:48.0310 0x1280 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:17:48.0341 0x1280 ws2ifsl - ok 20:17:48.0357 0x1280 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 20:17:48.0372 0x1280 wscsvc - ok 20:17:48.0372 0x1280 WSearch - ok 20:17:48.0450 0x1280 [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv C:\Windows\system32\wuaueng.dll 20:17:48.0497 0x1280 wuauserv - ok 20:17:48.0513 0x1280 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:17:48.0528 0x1280 WudfPf - ok 20:17:48.0544 0x1280 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd 
C:\Windows\system32\DRIVERS\WUDFRd.sys 20:17:48.0559 0x1280 WUDFRd - ok 20:17:48.0559 0x1280 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:17:48.0575 0x1280 wudfsvc - ok 20:17:48.0591 0x1280 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 20:17:48.0606 0x1280 WwanSvc - ok 20:17:48.0606 0x1280 ================ Scan global =============================== 20:17:48.0637 0x1280 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 20:17:48.0653 0x1280 [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll 20:17:48.0653 0x1280 [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll 20:17:48.0669 0x1280 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:17:48.0700 0x1280 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 20:17:48.0715 0x1280 [ Global ] - ok 20:17:48.0715 0x1280 ================ Scan MBR ================================== 20:17:48.0731 0x1280 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:17:49.0074 0x1280 \Device\Harddisk0\DR0 - ok 20:17:49.0074 0x1280 ================ Scan VBR ================================== 20:17:49.0090 0x1280 [ 18882478EAC297942EC829AB08756A33 ] \Device\Harddisk0\DR0\Partition1 20:17:49.0137 0x1280 \Device\Harddisk0\DR0\Partition1 - ok 20:17:49.0168 0x04f8 Object required for P2P: [ 5BB03606E249FBFBC885E313C8FB9694 ] NanoServiceMain 20:17:49.0168 0x1280 [ 926C993883BAA0C09339CB7BFE8B9AD0 ] \Device\Harddisk0\DR0\Partition2 
20:17:49.0230 0x1280 \Device\Harddisk0\DR0\Partition2 - ok 20:17:49.0230 0x1280 ================ Scan generic autorun ====================== 20:17:49.0277 0x1280 [ 372A480C3E64CE1DFE5193BE78CB021D, B99926E3D2B8219B4D4276DA0CC1C1CAA5FDA088914EFDC55CD0ECD095A5016D ] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe 20:17:49.0293 0x1280 PSUAMain - ok 20:17:49.0480 0x1280 [ D5DDC3EC0BF960389E9A964D7CC8CC30, 02C06CF596B33B1883C371EA9B61B1EC41319EFF853A54864329129699534769 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe 20:17:49.0495 0x1280 StartCCC - ok 20:17:49.0589 0x1280 [ C3C11B38503519BE925A3221EAD703F1, 9904973C0BD57F1B561FAAEAF0DB2203D91D5DFC17BD9F9C417FE48A78DE0619 ] C:\PROGRA~2\Raptr\raptrstub.exe 20:17:49.0605 0x1280 Raptr - ok 20:17:49.0698 0x1280 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:17:49.0745 0x1280 Sidebar - ok 20:17:49.0761 0x1280 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:17:49.0776 0x1280 mctadmin - ok 20:17:49.0823 0x1280 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:17:49.0839 0x1280 Sidebar - ok 20:17:49.0854 0x1280 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:17:49.0870 0x1280 mctadmin - ok 20:17:49.0870 0x1280 Waiting for KSN requests completion. In queue: 218 20:17:50.0884 0x1280 Waiting for KSN requests completion. In queue: 218 20:17:51.0617 0x04f8 Object send P2P result: true 20:17:51.0898 0x1280 Waiting for KSN requests completion. 
In queue: 44 20:17:53.0021 0x1280 AV detected via SS2: Panda Free Antivirus, C:\Program Files (x86)\Panda Security\Panda Security Protection\PAV3WSC.exe ( 6.0.0.0 ), 0x71000 ( enabled : updated ) 20:17:53.0021 0x1280 FW detected via SS2: Panda Firewall, C:\Program Files (x86)\Panda Security\Panda Security Protection\PAV3WSC.exe ( 6.0.0.0 ), 0x72010 ( disabled ) 20:17:53.0037 0x1280 Win FW state via NFP2: enabled ( trusted ) FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:24-01-2016
durchgeführt von Kevin Koch (2016-01-25 20:39:17)
Gestartet von C:\Users\Kevin Koch\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-01-16 21:10:44)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3007122276-3245698194-1592786027-500 - Administrator - Disabled)
Gast (S-1-5-21-3007122276-3245698194-1592786027-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3007122276-3245698194-1592786027-1002 - Limited - Enabled)
Kevin Koch (S-1-5-21-3007122276-3245698194-1592786027-1000 - Administrator - Enabled) => C:\Users\Kevin Koch

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Panda Free Antivirus (Enabled - Out of date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Out of date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Enabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.06 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 8.20.00.0000 - Panda Security) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0404E2EE-B97F-4A49-9982-24A6DCE1030A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {980242C2-D5F2-4623-8A40-F39072BAA214} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-23] (Advanced Micro Devices, Inc.)
Task: {DA3A1E7C-FD4A-4171-BF89-9CA3656AC8D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-12-15 18:17 - 2015-12-15 18:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2015-10-21 21:29 - 2015-10-21 21:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2015-10-21 21:29 - 2015-10-21 21:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2015-06-27 00:09 - 2015-06-27 00:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2015-12-11 23:20 - 2015-12-11 23:20 - 02610944 _____ () C:\Program Files (x86)\Raptr\ltc_host_ex.DLL 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program 
Files (x86)\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3007122276-3245698194-1592786027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin Koch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{A2E2EADE-8B74-4938-8111-A3430B9B39EE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1968E34B-D183-4942-81C2-E01C3B79B2B9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A1093A34-8B88-4A04-AB25-7D6F77D3FC78}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe FirewallRules: [{43E418DA-F81A-4F99-8E09-921598DBD512}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe FirewallRules: [{FD20475F-E4B3-4A29-AD1E-BAE17E4BE287}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{71CF0D82-6979-4353-988E-2CA1A353B76C}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe FirewallRules: [{D83AD1BB-D7A6-412A-BF81-750883CF4205}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{DDA68238-4C83-4B92-9C34-D4E74915706D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{202D6DD4-7B8F-4E0C-87E9-2593497663FB}] => (Allow) C:\Program Files 
(x86)\Raptr\raptr_im.exe FirewallRules: [{DD076A0B-BA06-4119-9288-0177EA17E22A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe ==================== Wiederherstellungspunkte ========================= 17-01-2016 12:33:26 Windows Update 17-01-2016 13:13:20 Windows Update 17-01-2016 13:26:28 Windows Update 17-01-2016 13:28:59 Windows Update 17-01-2016 13:29:55 Windows Update 17-01-2016 13:31:57 Windows Update 17-01-2016 13:42:12 Windows Update 17-01-2016 13:47:31 Windows Update 25-01-2016 14:29:59 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 25-01-2016 14:30:30 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: USB (Universal Serial Bus)-Controller Description: USB (Universal Serial Bus)-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (01/25/2016 07:08:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x55c01e59 Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1199, Zeitstempel: 0x55c01e59 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000041e36 ID des fehlerhaften Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0 Pfad der fehlerhaften Anwendung: atieclxx.exe1 Pfad des fehlerhaften Moduls: atieclxx.exe2 Berichtskennung: atieclxx.exe3 Error: (01/25/2016 06:44:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CCC.exe, Version: 4.5.0.0, Zeitstempel: 0x54dca1de Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19110, Zeitstempel: 0x568429dd Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000000b16d ID des fehlerhaften Prozesses: 0x504 Startzeit der fehlerhaften Anwendung: 0xCCC.exe0 Pfad der fehlerhaften Anwendung: CCC.exe1 Pfad des fehlerhaften Moduls: CCC.exe2 Berichtskennung: CCC.exe3 Error: (01/25/2016 06:44:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: CCC.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.InvalidOperationException Stapel: bei System.Windows.Input.InputManager..ctor() bei System.Windows.Input.InputManager.GetCurrentInputManagerImpl() bei System.Windows.Input.KeyboardNavigation..ctor() bei System.Windows.FrameworkElement.EnsureFrameworkServices() bei System.Windows.FrameworkElement..ctor() bei System.Windows.Controls.Control..ctor() bei System.Windows.Window..ctor() bei ATI.ACE.CLI.Component.CCCMessageBox.CCCMessageBox..ctor() bei ATI.ACE.CLI.Component.CCCMessageBox.CCCMessageBox..ctor(System.String, System.String, IMAGEID) bei ATI.ACE.CLI.Component.Dashboard.DBMainVMController.InformNoSettingsAndCloseCCC() bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.TimerQueueTimer.CallCallback() bei System.Threading.TimerQueueTimer.Fire() bei System.Threading.TimerQueue.FireNextTimers() Error: (01/17/2016 04:26:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.Vsa, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (01/17/2016 04:26:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (01/17/2016 04:26:04 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Workflow.Runtime, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . 
Error code = 0x80070020 Error: (01/17/2016 04:26:01 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Workflow.ComponentModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Error: (01/17/2016 04:25:51 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Error: (01/17/2016 04:25:46 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Error: (01/17/2016 04:25:42 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Systemfehler: ============= Error: (01/25/2016 07:08:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AMD External Events Utility erreicht. Error: (01/25/2016 02:43:23 PM) (Source: cdrom) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. 
Error: (01/17/2016 01:21:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3075226) Error: (01/17/2016 01:18:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3069762) Error: (01/17/2016 01:17:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2965788) Error: (01/17/2016 01:17:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2923545) Error: (01/17/2016 01:16:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3121461) Error: (01/17/2016 01:15:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070308 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3020388) Error: (01/17/2016 11:35:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 
fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2598845) Error: (01/17/2016 11:34:35 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 33% Installierter physikalischer RAM: 6120.18 MB Verfügbarer physikalischer RAM: 4064.44 MB Summe virtueller Speicher: 12238.56 MB Verfügbarer virtueller Speicher: 9624.97 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:887.46 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 115B8287) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Unfortunately the FRST.txt is too large, at over 250000 characters; how should I post it? Edited by shaikan (25.01.2016 at 20:52) |
26.01.2016, 14:01 | #4 |
/// TB-Ausbilder | Windows 7 Trojan.KD.1998 Pack the FRST.txt into a .zip archive (zip it) and upload it as an attachment. |
26.01.2016, 17:03 | #5 |
| Windows 7 Trojan.KD.1998 Here is the zip file of the FRST.txt |
26.01.2016, 20:10 | #6 |
/// TB-Ausbilder | Windows 7 Trojan.KD.1998 Hello, Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please shut down your protection software to avoid possible conflicts.
Step 4
Please post with your next reply
|
26.01.2016, 22:40 | #7 |
| Windows 7 Trojan.KD.1998 AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.031 - Bericht erstellt am 26/01/2016 um 20:59:00 # Aktualisiert am 25/01/2016 von Xplode # Datenbank : 2016-01-25.3 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Kevin Koch - JIMMY # Gestartet von : C:\Users\Kevin Koch\Desktop\AdwCleaner_5.031.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} [-] Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** [-] [C:\Users\Kevin Koch\AppData\Roaming\Mozilla\Firefox\Profiles\octb4pmq.default-1453727784237\prefs.js] [Preference] Gelöscht : user_pref("browser.startup.homepage", "hxxps://ixquick.com/"); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1342 Bytes] ########## [/CODE] Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 26.01.2016 00:18, SYSTEM, JIMMY, Scheduler, Domain Database, 2016.1.25.4, 2016.1.25.7, Update, 26.01.2016 00:18, SYSTEM, JIMMY, Scheduler, Malware Database, 2016.1.25.3, 2016.1.25.5, Protection, 26.01.2016 00:18, SYSTEM, JIMMY, Protection, Refresh, Starting, Protection, 26.01.2016 00:18, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 00:18, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 00:18, SYSTEM, JIMMY, Protection, Refresh, Success, Protection, 26.01.2016 00:18, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 00:18, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Protection, 26.01.2016 16:10, SYSTEM, JIMMY, Protection, Malware Protection, Starting, Protection, 26.01.2016 16:10, SYSTEM, JIMMY, Protection, Malware Protection, Started, Protection, 26.01.2016 16:10, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 16:10, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Update, 26.01.2016 16:45, SYSTEM, JIMMY, Scheduler, Domain Database, 2016.1.25.7, 2016.1.26.4, Update, 26.01.2016 16:45, SYSTEM, JIMMY, Scheduler, Malware Database, 2016.1.25.5, 2016.1.26.4, Protection, 26.01.2016 16:45, SYSTEM, JIMMY, Protection, Refresh, Starting, Protection, 26.01.2016 16:45, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 16:45, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 16:45, SYSTEM, JIMMY, Protection, Refresh, Success, Protection, 26.01.2016 16:45, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 16:45, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Update, 26.01.2016 17:57, SYSTEM, JIMMY, Scheduler, Malware Database, 2016.1.26.4, 2016.1.26.5, Protection, 26.01.2016 
17:57, SYSTEM, JIMMY, Protection, Refresh, Starting, Protection, 26.01.2016 17:57, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 17:57, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 17:57, SYSTEM, JIMMY, Protection, Refresh, Success, Protection, 26.01.2016 17:57, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 17:57, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Update, 26.01.2016 18:40, SYSTEM, JIMMY, Scheduler, Domain Database, 2016.1.26.4, 2016.1.26.5, Protection, 26.01.2016 18:40, SYSTEM, JIMMY, Protection, Refresh, Starting, Protection, 26.01.2016 18:40, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 18:40, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 18:40, SYSTEM, JIMMY, Protection, Refresh, Success, Protection, 26.01.2016 18:40, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 18:40, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Update, 26.01.2016 20:44, SYSTEM, JIMMY, Scheduler, Failed, No Internet connection detected, Update, 26.01.2016 20:47, SYSTEM, JIMMY, Scheduler, Domain Database, 2016.1.26.5, 2016.1.26.7, Update, 26.01.2016 20:47, SYSTEM, JIMMY, Scheduler, Malware Database, 2016.1.26.5, 2016.1.26.6, Protection, 26.01.2016 20:47, SYSTEM, JIMMY, Protection, Refresh, Starting, Protection, 26.01.2016 20:47, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 20:47, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 20:47, SYSTEM, JIMMY, Protection, Refresh, Success, Protection, 26.01.2016 20:47, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 20:47, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Protection, 26.01.2016 21:00, 
SYSTEM, JIMMY, Protection, Malware Protection, Starting, Protection, 26.01.2016 21:00, SYSTEM, JIMMY, Protection, Malware Protection, Started, Protection, 26.01.2016 21:00, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 21:00, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Protection, 26.01.2016 21:41, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 21:41, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 21:41, SYSTEM, JIMMY, Protection, Malware Protection, Stopping, Protection, 26.01.2016 21:41, SYSTEM, JIMMY, Protection, Malware Protection, Stopped, Protection, 26.01.2016 21:43, SYSTEM, JIMMY, Protection, Malware Protection, Starting, Protection, 26.01.2016 21:43, SYSTEM, JIMMY, Protection, Malware Protection, Started, Protection, 26.01.2016 21:43, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 21:43, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Update, 26.01.2016 21:43, SYSTEM, JIMMY, Manual, Remediation Database, 2015.9.16.1, 2016.1.23.1, Update, 26.01.2016 21:43, SYSTEM, JIMMY, Manual, Rootkit Database, 2015.9.18.1, 2016.1.20.1, Update, 26.01.2016 21:43, SYSTEM, JIMMY, Manual, IP Database, 2015.9.21.2, 2016.1.21.2, Update, 26.01.2016 21:43, SYSTEM, JIMMY, Manual, Domain Database, 2015.9.22.3, 2016.1.26.8, Update, 26.01.2016 21:44, SYSTEM, JIMMY, Manual, Malware Database, 2015.9.22.5, 2016.1.26.6, Protection, 26.01.2016 21:44, SYSTEM, JIMMY, Protection, Refresh, Starting, Protection, 26.01.2016 21:44, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 21:44, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 21:44, SYSTEM, JIMMY, Protection, Refresh, Success, Protection, 26.01.2016 21:44, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 
21:44, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, Scan, 26.01.2016 22:04, SYSTEM, JIMMY, Manual, Start: 26.01.2016 21:46, Dauer: 18 Min. 4 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, Protection, 26.01.2016 22:16, SYSTEM, JIMMY, Protection, Malware Protection, Stopping, Protection, 26.01.2016 22:16, SYSTEM, JIMMY, Protection, Malware Protection, Stopped, Protection, 26.01.2016 22:16, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopping, Protection, 26.01.2016 22:16, SYSTEM, JIMMY, Protection, Malicious Website Protection, Stopped, Protection, 26.01.2016 22:31, SYSTEM, JIMMY, Protection, Malware Protection, Starting, Protection, 26.01.2016 22:31, SYSTEM, JIMMY, Protection, Malware Protection, Started, Protection, 26.01.2016 22:31, SYSTEM, JIMMY, Protection, Malicious Website Protection, Starting, Protection, 26.01.2016 22:31, SYSTEM, JIMMY, Protection, Malicious Website Protection, Started, (end) JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.2 (01.06.2016) Operating System: Windows 7 Home Premium x64 Ran by Kevin Koch (Administrator) on 26.01.2016 at 22:17:58,94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 4 Successfully deleted: C:\Users\Kevin Koch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VRY5BJ6 (Folder) Successfully deleted: C:\Users\Kevin Koch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NGFGNOE1 (Folder) Successfully deleted: C:\Users\Kevin Koch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6O10ACZ (Folder) Successfully deleted: C:\Users\Kevin Koch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q1MGVF3O (Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.01.2016 at 22:19:01,90 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [/CODE] The two new FRST log files are too large again. Should I attach them as a zip file again or split them across several posts? I would rather ask before I get it wrong ;-) Thanks for your help. Edited by shaikan (26.01.2016 at 22:57) |
27.01.2016, 16:42 | #8 |
/// TB-Ausbilder | Windows 7 Trojan.KD.1998 Hello, yes, please attach the FRST log files again. Did MBAM find anything? Please also post the correct log file: Reading material Posting MBAM findings: here's how... Sometimes it is important to know which malware was already deleted beforehand without instructions from the helpers. That is why I need the contents of the log file in which the scan was recorded.
|
27.01.2016, 18:26 | #9 |
| Windows 7 Trojan.KD.1998 Hi, oh, did I upload the wrong log file?! Here is the hopefully correct one, plus the two attachments. MBAM found no threats. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 26.01.2016 Suchlaufzeit: 21:46 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.01.26.06 Rootkit-Datenbank: v2016.01.20.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Kevin Koch Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 320317 Abgelaufene Zeit: 18 Min., 4 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Edited by shaikan (27.01.2016 at 18:45) |
28.01.2016, 16:57 | #10 |
/// TB-Ausbilder | Windows 7 Trojan.KD.1998 Hello, we will remove the last remnants and check everything once more. Note: the scan with ESET can take a while. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
start
CloseProcesses:
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 ESET Online Scanner
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
28.01.2016, 19:32 | #11 |
| Windows 7 Trojan.KD.1998 Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:24-01-2016 durchgeführt von Kevin Koch (2016-01-28 18:27:05) Run:1 Gestartet von C:\Users\Kevin Koch\Desktop Geladene Profile: Kevin Koch & (Verfügbare Profile: Kevin Koch) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** start CloseProcesses: RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Prozess erfolgreich geschlossen. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-3007122276-3245698194-1592786027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-3007122276-3245698194-1592786027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-3007122276-3245698194-1592786027-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-3007122276-3245698194-1592786027-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. 
========= Ende von CMD: ========= EmptyTemp: => 1.3 GB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 18:27:16 ==== Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=58a6df6c7edba94eba8819d8d69dbb5b
# end=init
# utc_time=2016-01-28 05:40:20
# local_time=2016-01-28 06:40:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 27865
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=58a6df6c7edba94eba8819d8d69dbb5b
# end=updated
# utc_time=2016-01-28 05:48:29
# local_time=2016-01-28 06:48:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=58a6df6c7edba94eba8819d8d69dbb5b
# engine=27865
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-28 06:19:20
# local_time=2016-01-28 07:19:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 98 1022086 222048980 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 982471 205635010 0 0
# scanned=118437
# found=2
# cleaned=0
# scan_time=1850
sh=912293E09D09E3593B2C2C41703699B11D9C5C32 ft=1 fh=7bc24537c68587d4 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=8B9BC903197834A9121FDA53322678189BAB3754 ft=1 fh=cb3f6fe0d8deebd2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Kevin Koch\Downloads\7 Zip 64 Bit - CHIP-Installer.exe" |
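An added example, not part of the thread or of any ESET tooling: a small parser that triages the detection records of an ESET Online Scanner log like the one posted above, even when the forum has flattened it onto one line. The function names are hypothetical, the field meanings (`sh`, `vn`, `ac`, `fn`) are inferred from their shape, and the sample log is constructed.

```python
import re

# Constructed sample in the flattened form the forum shows; hashes, names and
# paths are placeholders, not values from the thread.
SAMPLE = (
    '# scanned=1000 # found=2 # cleaned=0 # scan_time=60 '
    'sh=' + 'A' * 40 + ' ft=1 fh=0123456789abcdef '
    'vn="Variante von Win32/Toolbar.Example.A evtl. \nunerwünschte Anwendung" '
    'ac=I fn="C:\\Example\\toolbar.exe" '
    'sh=' + 'B' * 40 + ' ft=1 fh=fedcba9876543210 '
    'vn="Win32/Example.B Trojaner" ac=I fn="C:\\Example\\dropper.exe"'
)

# Assumed field meanings: sh = SHA-1 of the file, vn = detection name,
# ac = action code, fn = file path.
RECORD = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<name>[^"]*)"\s+ac=(?P<action>\w+)\s+fn="(?P<path>[^"]*)"'
)
COUNTER = re.compile(r'#\s*(scanned|found|cleaned)=(\d+)')
# Suffix ESET appends to potentially unwanted applications (German and English UI).
PUA_MARKERS = ("unerwünschte anwendung", "unwanted application")


def parse_eset_log(text):
    """Return (counters, findings); works on multi-line or flattened log text."""
    counters = {k: int(v) for k, v in COUNTER.findall(text)}  # last block wins
    findings = []
    for m in RECORD.finditer(text):
        name = " ".join(m["name"].split())  # undo line breaks inside the name
        kind = "pua" if any(p in name.lower() for p in PUA_MARKERS) else "other"
        findings.append({"sha1": m["sha1"].upper(), "name": name, "kind": kind,
                         "action": m["action"], "path": m["path"]})
    return counters, findings


def triage(text):
    """Summarise a scan: paste completeness, uncleaned count, findings by kind."""
    counters, findings = parse_eset_log(text)
    return {
        "complete": counters.get("found") == len(findings),  # paste not truncated
        "uncleaned": counters.get("found", 0) - counters.get("cleaned", 0),
        "pua": [f for f in findings if f["kind"] == "pua"],
        "needs_review": [f for f in findings if f["kind"] == "other"],
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `complete` value of `False` means the number of records in the paste does not match the scanner's own `found` counter, which is worth checking before calling a log clean.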
28.01.2016, 19:46 | #12 |
| Windows 7 Trojan.KD.1998 Hi, both files were once again too large, so I have attached them as a zip file again. To answer your question: Firefox only starts 47 seconds after being launched, every time, regardless of whether it is after a system restart or after the PC has been running for a while. In addition, at full screen resolution (1920x1080) I have the problem that the screen content is too large for the monitor. Neither the graphics card nor the monitor should have any problem with these settings, though. It also worked before the reinstallation of Win7. Last edited by shaikan (28.01.2016 at 20:04) |
29.01.2016, 20:55 | #13 |
/// TB-Ausbilder | Windows 7 Trojan.KD.1998 Hi, please reset Firefox as follows: Reset Firefox. Does the browser start faster afterwards? Please download Farbar Service Scanner
Please post the contents here. |
30.01.2016, 17:11 | #14 |
| Windows 7 Trojan.KD.1998 Hi, I had already reset Firefox twice, but only now, after all these scans, is it fast again. And here is the FSS.txt file: Code:
ATTFilter
Farbar Service Scanner Version: 27-01-2016
Ran by Kevin Koch (administrator) on 30-01-2016 at 16:57:35
Running from "C:\Users\Kevin Koch\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log **** |
31.01.2016, 10:50 | #15 |
/// TB-Ausbilder | Windows 7 Trojan.KD.1998 If you no longer have any problems with malware, then we are finished here. Your log files are clean. Finally, we need to take a few concluding steps to tidy up and secure your PC.

Cleanup: All logs posted? Then please download DelFix.

DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.

Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when a manipulated website is merely visited. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

If you are still undecided, use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database: Microsoft Security Essentials (MSE) is built in from Windows 8 onward, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you do not need to install MSE separately. On Windows 7, however, it must be installed manually or obtained through Windows Update as an optional update. Naturally, a legal/activated Windows is a prerequisite for this.

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: Can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: Prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify, on the whitelist principle, on which sites scripts are to be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:

If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation. Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |