Mitteilung von 1&1 dass Zeus bei mir wohnt

zeuss · 09.04.2016, 11:10

Hallo zusammen,

vorgestern bekam ich eine Mitteilung meines providers, dass sich auf einem meiner Rechner "zeus" eingenistet hat. Ich habe gesehen, dass andere dieses Problem auch schon hatten und dass eine Bereinigung für einen Laien eher kompliziert ist. Der neueste Beitrag den ich zu diesem Thema fand war allerdings von 2013. Gibt es inzwischen bequemere Methoden das Teil loszuwerden???

Ich habe bereits das BitDefender ZBot Removal Tool über meine Rechner laufen lassen, hat nix gefunden. Danach HitmanPro, der hat malware gefunden, in einem mp4 player den ich ca. zum angegebenen Zeitpunkt des "Fundes" installiert hatte. das Zeug hab ich dann gelöscht. jetzt möchte ich natürlich, falls möglich, prüfen ob ich das Teil tatsächlich losgeworden bin.

Wie kann ich vorgehen?

Gruß

Martin

deeprybka · 09.04.2016, 16:23

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.

Los geht's:

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

zeuss · 10.04.2016, 08:00

Hallo Jürgen,

vielen Dank für die zügige Rückmeldung.

Hier die files:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
durchgeführt von ich (Administrator) auf ICH-PC (10-04-2016 08:41:21)
Gestartet von C:\Users\ich\Desktop
Geladene Profile: ich (Verfügbare Profile: ich)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 10 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
(Ascora GmbH) C:\Program Files (x86)\StartupStar\StartupStar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2626116637-620421503-1091596990-1001\...\MountPoints2: {3c1ad751-c578-11e3-a791-806e6f6e6963} - E:\autorun.exe
HKU\S-1-5-21-2626116637-620421503-1091596990-1001\...\MountPoints2: {6def58f0-e38a-11e5-bb66-001966c3c6bd} - K:\ting.exe
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-17] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{96ABC17E-D33D-4DE2-8289-A7623C281F8B}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2626116637-620421503-1091596990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default
FF Homepage: hxxp://www.ebay.de/
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\searchplugins\amazon-search-suggestions.xml [2015-12-08]
FF SearchPlugin: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\searchplugins\avira-safesearch.xml [2015-11-30]
FF Extension: Google Translator for Firefox - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\extensions\translator@zoli.bod.xpi [2015-07-01]
FF Extension: Avira Browser Safety - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\Extensions\abs@avira.com [2016-03-16]
FF Extension: Avira SafeSearch - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\Extensions\safesearch@avira.com.xpi [2016-02-26]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-22] [ist nicht signiert]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-15] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-15] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
R2 avmident; C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe [76288 2011-09-27] (AVM Berlin) [Datei ist nicht signiert]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10 apoEdition\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-01-26] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-03-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-03-15] (Avira Operations GmbH & Co. KG)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [37216 2013-05-08] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-10 08:41 - 2016-04-10 08:41 - 00010251 _____ C:\Users\ich\Desktop\FRST.txt
2016-04-10 08:40 - 2016-04-10 08:41 - 00000000 ____D C:\FRST
2016-04-10 08:40 - 2016-04-10 08:38 - 02374144 _____ (Farbar) C:\Users\ich\Desktop\FRST64.exe
2016-04-10 08:38 - 2016-04-10 08:38 - 02374144 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2016-04-09 12:04 - 2016-04-09 12:05 - 11441744 _____ (SurfRight B.V.) C:\Users\ich\Downloads\hitmanpro_x64(1).exe
2016-04-08 20:12 - 2016-04-08 20:28 - 00000000 ____D C:\Users\ich\Desktop\Handy
2016-04-08 18:15 - 2016-04-08 19:21 - 00000000 ____D C:\Users\ich\Desktop\Dream Theater
2016-04-08 15:11 - 2016-04-08 15:11 - 00003150 _____ C:\Windows\system32\.crusader
2016-04-08 15:00 - 2016-04-08 15:11 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-08 14:59 - 2016-04-08 15:00 - 11441744 _____ (SurfRight B.V.) C:\Users\ich\Downloads\hitmanpro_x64.exe
2016-04-08 14:56 - 2016-04-08 14:56 - 02405664 _____ (Trend Micro Inc.) C:\Users\ich\Downloads\HousecallLauncher64.exe
2016-04-08 14:56 - 2016-04-08 14:56 - 00000036 _____ C:\Users\ich\AppData\Local\housecall.guid.cache
2016-04-06 17:49 - 2016-04-06 17:49 - 00000036 ____H C:\Users\ich\AppData\Roaming\swk.ini
2016-04-06 17:24 - 2016-04-06 17:24 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2016-04-06 17:22 - 2016-04-06 17:23 - 40639288 _____ (DVDVideoSoft Ltd. ) C:\Users\ich\Downloads\FreeYTVDownloader_4.1.6.328.exe
2016-03-30 17:07 - 2016-04-06 08:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-03-22 21:29 - 2016-03-23 16:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-10 08:40 - 2014-04-17 03:01 - 00699376 _____ C:\Windows\system32\perfh007.dat
2016-04-10 08:40 - 2014-04-17 03:01 - 00149516 _____ C:\Windows\system32\perfc007.dat
2016-04-10 08:40 - 2009-07-14 07:13 - 01620444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-10 08:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-10 08:33 - 2016-03-05 18:07 - 00000260 _____ C:\Windows\Tasks\StartupStar Firewall.job
2016-04-10 08:33 - 2014-04-17 09:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-10 08:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-09 14:23 - 2014-04-19 09:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-09 14:08 - 2009-07-14 06:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-09 14:08 - 2009-07-14 06:45 - 00029952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-08 18:23 - 2014-04-19 09:57 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 18:23 - 2014-04-19 09:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 18:23 - 2014-04-19 09:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 16:01 - 2016-03-05 18:04 - 00000418 _____ C:\Windows\Tasks\One-Click Optimizer WO12.job
2016-04-08 15:17 - 2014-12-27 15:54 - 00000000 ____D C:\Users\ich\AppData\Roaming\DVDVideoSoft
2016-04-08 15:11 - 2014-07-24 21:47 - 00000000 ____D C:\Users\ich\AppData\Local\Amazon Music
2016-04-05 15:21 - 2014-04-17 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-30 13:29 - 2014-04-17 18:28 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 apoEdition
2016-03-30 13:27 - 2015-12-14 10:37 - 00000000 ____D C:\Program Files (x86)\StarMoney 10 apoEdition
2016-03-27 14:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-03-24 12:18 - 2015-04-04 13:26 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 12:18 - 2015-04-04 13:26 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-15 15:14 - 2014-10-22 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-15 15:13 - 2014-10-22 09:15 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-03-15 15:13 - 2014-10-22 09:15 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-03-15 15:13 - 2014-10-22 09:15 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-03-12 16:38 - 2014-05-22 11:19 - 00000000 ____D C:\Users\ich\AppData\Roaming\vlc
2016-03-11 15:57 - 2015-11-04 23:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-04-25 13:28 - 2014-04-25 13:31 - 0001578 _____ () C:\Users\ich\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-05-08 13:12 - 2014-05-08 13:12 - 0000000 _____ () C:\Users\ich\AppData\Roaming\gdfw.log
2014-05-08 13:12 - 2014-05-08 13:12 - 0000779 _____ () C:\Users\ich\AppData\Roaming\gdscan.log
2016-04-06 17:49 - 2016-04-06 17:49 - 0000036 ____H () C:\Users\ich\AppData\Roaming\swk.ini
2016-04-08 14:56 - 2016-04-08 14:56 - 0000036 _____ () C:\Users\ich\AppData\Local\housecall.guid.cache

Einige Dateien in TEMP:
====================
C:\Users\ich\AppData\Local\Temp\avgnt.exe
C:\Users\ich\AppData\Local\Temp\_is85F5.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-04 10:55

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von ich (2016-04-10 08:41:58)
Gestartet von C:\Users\ich\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-16 15:13:01)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2626116637-620421503-1091596990-500 - Administrator - Disabled)
Gast (S-1-5-21-2626116637-620421503-1091596990-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2626116637-620421503-1091596990-1005 - Limited - Enabled)
ich (S-1-5-21-2626116637-620421503-1091596990-1001 - Administrator - Enabled) => C:\Users\ich

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2626116637-620421503-1091596990-1001\...\Amazon Amazon Music) (Version: 4.1.0.1229 - Amazon Services LLC)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 5 (HKLM-x32\...\{4209F371-ABC8-B772-DB8E-93F4772F58FA}_is1) (Version: 5.06.00 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 2016 (HKLM-x32\...\{4209F371-38F5-0B47-1C5B-A4A8456950A3}_is1) (Version: 12.00.40 - Ashampoo GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
AVM FRITZ!Box-Kindersicherung (HKLM-x32\...\{7497BB4F-CE23-47D4-B2CB-62548080F74F}) (Version: 4.2.3 - AVM Berlin)
Brother MFL-Pro Suite MFC-5890CN (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version:  - )
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Mozilla Thunderbird 38.7.2 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.7.2 (x86 de)) (Version: 38.7.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
StarMoney (x32 Version: 4.0.4.16 - StarFinanz) Hidden
StarMoney (x32 Version: 5.0.0.226 - StarFinanz) Hidden
StarMoney 10 apoEdition (HKLM-x32\...\{27A70488-0C64-4DB6-879C-EA8F96108A40}) (Version: 10 - Star Finanz GmbH)
StarMoney 9.0 apoEdition (HKLM-x32\...\{2A40FD02-33EF-4AD7-B5E3-1FCBCBA23CCC}) (Version: 9.0 - Star Finanz GmbH)
StartupStar (HKLM-x32\...\{C8A6121E-BE35-418D-91EF-A9536DA70B36}_is1) (Version: 8.0 - Abelssoft)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{520B03DF-8849-4DE7-A31C-DD6C5F1723E5}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{4A303CAA-B681-4F06-9274-44AF27FD75E0}) (Version: 22.00.8811 - Buhl Data Service GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {353B083E-441D-4EE6-A0B9-B36290D52735} - System32\Tasks\One-Click Optimizer WO12 => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\WO2016.exe [2016-01-20] (Ashampoo Development GmbH & Co. KG)
Task: {6B28C30E-F0DA-4CB4-9C1E-2464A6049B18} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {85763FBC-58EF-48E7-90D5-77F8610FC7E1} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {F502A744-4235-4DA2-A490-76F2FD5742E0} - System32\Tasks\StartupStar Firewall => C:\Program Files (x86)\StartupStar\StartupStar.exe [2016-01-11] (Ascora GmbH)
Task: {F964CEC6-283F-4BDF-A3A9-99124276363F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\One-Click Optimizer WO12.job => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2016\WO2016.exe
Task: C:\Windows\Tasks\StartupStar Firewall.job => C:\Program Files (x86)\StartupStar\StartupStar.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-04-17 09:35 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-05 18:07 - 2016-01-11 13:52 - 00060680 _____ () C:\Program Files (x86)\StartupStar\AbSettings.dll
2016-03-05 18:07 - 2016-01-11 13:52 - 01432840 _____ () C:\Program Files (x86)\StartupStar\AbGui.dll
2016-03-05 18:07 - 2016-01-11 13:52 - 00013576 _____ () C:\Program Files (x86)\StartupStar\AbAutostartManager.dll
2016-03-05 18:07 - 2016-01-11 13:52 - 00047880 _____ () C:\Program Files (x86)\StartupStar\AbApi.dll
2016-03-05 18:07 - 2016-01-11 13:52 - 00050440 _____ () C:\Program Files (x86)\StartupStar\StartupLogic.dll
2014-04-17 09:32 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-04-17 18:36 - 2007-05-31 07:38 - 00167936 ____N () C:\Windows\SysWOW64\SerialXP.dll
2016-02-13 19:47 - 2011-01-13 12:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 10 apoEdition\ouservice\PATCHW32.dll
2014-07-09 10:24 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\PATCHW32.dll
2016-03-30 17:07 - 2016-04-05 15:21 - 00153032 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2016-03-30 17:07 - 2016-04-05 15:21 - 00022472 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2626116637-620421503-1091596990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{063FC7CF-3DA1-4D89-942A-0439BCAB1313}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08y\FAXRX.exe
FirewallRules: [{3CDFF807-A1CB-4108-8C50-26C3E882F500}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08y\FAXRX.exe
FirewallRules: [{5001FC69-CA1D-4333-9F02-E51DB42A96DC}] => (Allow) LPort=54925
FirewallRules: [{F4CEA8D1-1B66-4CC1-8D5A-23444AF3ECF4}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{93EE3AD4-A379-4F75-87C8-48BCB8FE61C7}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{05CFC9FA-9847-41DB-AB49-58527DF2D479}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\app\StarMoney.exe
FirewallRules: [{441498A4-222C-4FD1-B020-C0C220B20F0F}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\app\StarMoney.exe
FirewallRules: [{C7CD1937-00F0-4984-9E3F-ECF72F165423}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22D9CBEF-623E-43D5-8B4D-33F0A771141C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F0DE683A-2C5A-4786-9FA4-FB3833319598}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CDDF1FA0-7B1B-40B8-A201-9859DED92FA4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9837DEE8-3787-45ED-BFE0-9F81153B2DD4}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe
FirewallRules: [UDP Query User{627CB292-434F-4548-9F2F-CE9A28B11519}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe
FirewallRules: [{8CAA390A-C921-4C73-80B9-42A6CDFAAE7C}] => (Allow) C:\BlueByte\Die Siedler IV\S4.exe
FirewallRules: [{C12B622A-DBF4-4BFA-996C-3300A2B1A67B}] => (Allow) C:\BlueByte\Die Siedler IV\S4.exe
FirewallRules: [{55FA6080-C28E-463A-BC11-59583BC3BEEF}] => (Allow) C:\BlueByte\Die Siedler IV\S4.exe
FirewallRules: [{0BE0FC13-EE0E-479B-99B0-77E2A96388E7}] => (Allow) C:\BlueByte\Die Siedler IV\S4.exe
FirewallRules: [TCP Query User{71CB8E8C-0946-4AF3-823D-A343BBFFA64B}C:\users\ich\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\ich\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{84EB52F6-6653-49CB-BBE1-7881886823E6}C:\users\ich\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\users\ich\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A33DD190-579C-4401-AA07-61CD7D9E2FA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A1B71B9-924A-4F09-9D7B-579AACE5C3E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD85F27B-33CE-4C07-AF46-C847ACEAB370}] => (Allow) C:\Program Files (x86)\StarMoney 10 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{13745ABA-9C15-4597-BF1F-93943E4B0895}] => (Allow) C:\Program Files (x86)\StarMoney 10 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{6D47F09F-317A-4C4E-9B2D-B63D843FC129}] => (Allow) C:\Program Files (x86)\StarMoney 10 apoEdition\app\StarMoney.exe
FirewallRules: [{E671C38A-3AC4-4F09-A644-7C4BDC163544}] => (Allow) C:\Program Files (x86)\StarMoney 10 apoEdition\app\StarMoney.exe
FirewallRules: [{86BEBC78-2A40-4C7B-A0A9-09040E33BAB5}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
FirewallRules: [{63FF1290-FB26-4B83-8F9B-4A63288F84FA}] => (Allow) C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/08/2016 03:11:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\ich\Downloads\hitmanpro_x64.exe /updated:"C:\Users\ich\AppData\Local\Temp\hitmanpro_x64.exe"; Beschreibung = Prüfpunkt von HitmanPro; Fehler = 0x80070422).

Error: (04/08/2016 03:10:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\ich\Downloads\hitmanpro_x64.exe /updated:"C:\Users\ich\AppData\Local\Temp\hitmanpro_x64.exe"; Beschreibung = Prüfpunkt von HitmanPro; Fehler = 0x80070422).

Error: (04/08/2016 09:56:18 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (04/05/2016 10:56:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (04/05/2016 09:11:33 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (04/04/2016 11:02:54 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (04/01/2016 11:44:49 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (03/30/2016 01:29:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (03/28/2016 10:35:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (03/27/2016 02:26:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).


Systemfehler:
=============
Error: (04/10/2016 08:33:38 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/09/2016 01:59:27 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/09/2016 10:44:34 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/08/2016 06:06:28 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/08/2016 03:14:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0.

Error: (04/08/2016 03:14:08 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/08/2016 02:49:02 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/08/2016 09:50:46 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/07/2016 06:35:45 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error: (04/07/2016 05:05:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT-AUTORITÄT)
Description: Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich an den Computerhersteller, um aktualisierte Firmware zu erhalten.


==================== Speicherinformationen =========================== 

Prozessor: AMD Phenom(tm) 9600 Quad-Core Processor
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 6143.3 MB
Verfügbarer physikalischer RAM: 4109.1 MB
Summe virtueller Speicher: 12284.82 MB
Verfügbarer virtueller Speicher: 10017.8 MB

==================== Laufwerke ================================

Drive c: (Volume) (Fixed) (Total:232.88 GB) (Free:33.21 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive e: (SIV_MCD2_GER) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (KAMERA) (Removable) (Total:0.47 GB) (Free:0.44 GB) FAT
Drive l: () (Fixed) (Total:698.53 GB) (Free:153.25 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 28FB5FA4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: B70E6551)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 477.5 MB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

deeprybka · 10.04.2016, 19:43

Bitte mal das Log oder nen Screenshot aus der Quarantäne von HitmanPro posten.

zeuss · 11.04.2016, 08:25

Ich habe leider beim Hitman nur den Einmalscan gewählt und nun keine Ahnung wo ich die Quarantäneliste finden kann.

deeprybka · 11.04.2016, 21:34

HitmanPro starten, auf Einstellungen klicken. Dann Verlauf...

zeuss · 12.04.2016, 08:48

Hallo,

leider habe ich hitman nicht installiert, sondern nur den Einmalscan gemacht. Ich kann den zwar jetzt wieder starten, aber "Einstellungen" finde ich nirgends.

Hi, habs dann doch hingekriegt.

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.13.258
www.hitmanpro.com

   Computer name . . . . : ICH-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : ich-PC\ich
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2016-04-08 15:01:31
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 233

   Objects scanned . . . : 1.836.046
   Files scanned . . . . : 116.495
   Remnants scanned  . . : 705.100 files / 1.014.451 keys

Malware _____________________________________________________________________

   C:\Program Files (x86)\MP4 Player\Mp4Player.exe -> Deleted
      Size . . . . . . . : 772.096 bytes
      Age  . . . . . . . : 1.9 days (2016-04-06 17:48:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3B372FEF66170D4C8ADE9A759E4ED3FBA60F932B06CF3DCAB61499C9198B0414
      Product
      Publisher
      Description
      Version  . . . . . : 2.0.0.0
      Copyright
      LanguageID . . . . : 1033
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 101.0
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\MP4 Player .lnk
      Forensic Cluster
         -1.0s C:\Program Files (x86)\MP4 Player\
         -0.0s C:\Program Files (x86)\MP4 Player\prog_ico.ico
          0.0s C:\Program Files (x86)\MP4 Player\Mp4Player.exe
          0.1s C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player\
          0.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\
          0.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\MP4 Player .lnk
          0.2s C:\Program Files (x86)\MP4 Player\uninst.exe
          1.2s C:\Users\ich\AppData\Local\Temp\htmpl.htm
          5.0s C:\Program Files (x86)\MP4 Player\swk.ini
          5.0s C:\Users\ich\AppData\Roaming\swk.ini

   C:\Users\ich\Downloads\BitDefender ZBot Removal Tool - CHIP-Installer.exe -> Deleted
      Size . . . . . . . : 1.475.080 bytes
      Age  . . . . . . . : 0.2 days (2016-04-08 10:12:35)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : BBA231AFDF76EE82F7AD47D98C93386E4FF628FEE26689253477D7C8D9EB0B61
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.efha
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
          0.0s C:\Users\ich\Downloads\BitDefender ZBot Removal Tool - CHIP-Installer.exe
          3.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5F1045CBB60E4D911A9A05B0968B2A9B4E59788D
          3.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0EAE930D8F12EE84D8640F3AEBA585D551E6EA7B
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D7E739EEEC69EAEE095538A8DA5FAA51BE9F0665
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\685DBDEA75313453AFA2A876B1CD9C5330A500A4
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4B511B7461E8B661024E8AA1976FDE32B86D00B5
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\843F3009AEA209BB5A4F782CEFDBABE52BD5C594
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\165694613D147DE9E1CF4FCBD6BB073AF60EC9AD
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\10DCD74AF66A8705D633416186AB940785B56F93
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\90B15747FD3A1B7D6BA3ED8A15D2D541534C5B85
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3042FC13BDF97C25EDE4FED57FE5619724B23D1A
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\436EC45F6F924AF2641EC985E3ECC6577CDBFD8D
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\16B10F06C5B60B672A2E48C63A73450BBC3E9CE2
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\13D2FAD134224461EF2698D4DAD5A4B05A2DFBF5
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C33EC8EF949F6FFED46126971C4DCA0511BF2BC8
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3CED90A91A44A7912AF6E8F7CF7F9CC593F7CD55
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\51E1EE914B1F15F6A7278FAE0CC0287D9F275D2E
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\19E7FCD2882A702315F92BDD1C0FFF349DB65D11
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B2F253AE839E813BA9C2A5B09DE4F70A5F2A1FF0
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EFCF4D65819C2BD0984468101CBE124633311329
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\530FE5927055CD241E9C17B73E716F60BB6777C4
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CDD3991B50A0C1988C238979B1C16459EC817295
         11.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\801FC1FFECDA983D5076815189B6997207365D1B
         12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\90DCA2D25DA660CE237175C985DC93EBEE554877
         12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F1ECAE356058E925454024286676E24B47BCFE85
         12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A6546CD14087EE806BF84878B9F0388073650670
         12.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0853428084D22BAD4611B26E6AF66F5F5F76F7B2
         13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2003E5AB2F98F741FCDE574622FA04A84CD44D5D
         13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D2BD5FC4D0471AB23A10811AAAA737646386DC7E
         13.8s C:\Users\ich\AppData\Local\Temp\DMR\qudumqkrobednnsp.dat
         13.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3318B988D55297BBA0E4E1392F30BB0C817254A0
         14.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6FEEE8F34513766666423ACF405E3B3ABF764D5E
         19.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\65B6AB20D8F7275AED3F276D060B0FEF39B6CAA8
         19.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3E11940E6D3CC8117E672F28B0C6FFF20B7DB78B
         20.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\360C6075410D1740D89A1CF7854739D941A73DC8
         20.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E7D58FE141347CDC4E6F3D8A4BFC077A36F6D4DE
         20.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CFCF380321304F1C4348446636A4AEDE19FD50E2
         20.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F3BC69D411A4F4B684C56EA334D35D38591222BF
         20.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8B3DEC421988A77E2FA3EB4008C183FB4204E0AF
         20.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A213F5854D159B45457B71373A2B70CDC081FB68
         20.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\041E87ACDA0BD727DCD2E15570F772D57227BD83
         20.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6BDFF07F4561E644654B3B6309F92AE07605AB74
         21.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E88087EF9A3894C1B663166110827732DD69361A
         21.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\15D1838CCE66CA0DAFF899E43661395C808FC786
         21.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A9D0EC016B4406C4FFB174203A092CF32E0888AB
         21.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B2A6C38E9FE01A47398ACFF0D46629FE2A62B05E
         21.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E818DBA19458E76AD6993216809572DEF9F579CC
         21.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8762858D195D1C899ED045FE9C35631A1378F9D5
         21.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A782E769645C71A266417BA1A7311A9586AD5EED
         21.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4B9BE9B41D10F947A4D61C747CD8A952A0824680
         21.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C3A2481E42DDF0CC6890C49B9424B6DAC68D6A2C
         22.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\672DE4AE8316BC3B8CBF93D4BAA2DF3F6B1FFDE7
         22.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\7E84785E4EDFD3B5D89FB0B6005293A30AA4F904
         22.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CC3324BA8F69C25A848FF14505DE542FB077C9C2
         22.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E2B51B0C1E4A8672C81A28805E8F41C5FCF0210F
         22.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\05C86909959122FD28518D2A615B192BBED56295
         23.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6239177B4958C06C5DC6B88A9C1888DEACEE2993
         23.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AF99768D73C6F953D86FCF74537B254CBDEDDABC
         23.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2BF649CDE4124C932E0FDC01E8CFEAA3D9AADC8B
         23.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AC5ACCA0F42A3FF8614FBF652EB8EDFD85CD8F0A
         23.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D9C769F30FE64FF422AAA0DD5B745F522A1AE469
         24.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\79BBAEDE2C6F25D086400C05C3318E664C85C9B3
         24.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A7F13D9AA4CFB3A0C0988FE19C514DAD04F73480
         24.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\786D3D1163DE5E53FF981AE34003FC30D24CE1B6
         24.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B0A9C70796B3E054BABD74F8B2616F25B2BC40A8
         25.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A307E9E7E62E145439BFD90C31FC71379BCC0E67
         25.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CF9AB9C4040DD3C9132CA28A1880FFB981158C82
         25.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\60FD713A42D2639CB993A873773693542371DC1E
         25.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\42D2409228E7A55E4294FB9976673D3B15560323
         25.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C5A41ABBB3850A49346ACBC9556B9D4ADC0AFEBE
         26.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\27F5868CE262779F5ECE818A47006466C22D3639
         26.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\BC00EFC214C6ED99EFB5DB6E4390E2EFAA8C2EC7
         26.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\62C7D1D7183E9D1C30BB0879D4A84CD0EF65160A
         26.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\68D3C526D9BDB7651880B31FD954E6FE123CDB4D
         26.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5805568D78A4842552AD22E93DA455CB22439471
         27.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6DA886CDFCD9D84E741E16ABDF4B131C7C12AF01
         27.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AE716EEEA7692B0D1E5A89EC26F3B81EF4D4187B
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E169E12F74FD19E9E6B7507B29C7448CF1BC7311
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0853A803FF4A6FDC6066A210AFEEB7CA529B0321
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B03C416D121B140E8671A5AE7C22031F722A8425
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D716FF715738012E971EE48838232855A19F2F10
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8C20F179220388EA9509539880053D00A4939771
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\81D0CC095DB5C21556C8D26A6144123BCD9D87BF
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6070A0AA1F1171A2725683848E9EF014F594EC37
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A0DCC3B8DC8B97834C39282133B087C081F28B51
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\87ADE25DBF6F6523A73FC2AA5B49C25DFE865182
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\48E0F23C7C4821F8153EA0DC2D02EBA1C1BC5BA5
         27.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E34DCD5321970957FD8A273B844CFD72A81E47D5
         27.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D691F80F0740C9515947228DFC51F851FBEFBD47
         27.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\474EE960CF745A8EA4D05C1F6E8C086FE3569972
         27.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\500F8C3F6F42DF1BF0ED079CBCF710382E167BB2
         27.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\633B1E8A717DDC0DCEDC44E00CE6D02B3BF2F787
         27.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\659320B87E267B642C6FC59E891D26845980D718
         27.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\517AFA5F11C781580BEF99A4BE9EE4CA22A89F15
         27.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E3C688D75B131EE9F19F090C8C60C97187B7DF94
         27.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\DBE4495C7C54254F9876C5C54259F5B40940AD58
         28.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EBC37C1E8CABF799E41A20E63F1C55C06A07FB5B
         28.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EECAF86D864D2252B19889B6BA66A2F06982DBCD
         28.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1F66889EED0046D524B3BB26023F0425D3384CD7
         28.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D3F99E81B7D18A4F8E01DE7CDA7F0FCF7A43AC9A
         28.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F7F262DA0CF206F2B1534BBB9C679C8B5990A1B4
         28.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9F7722D66071BCE1398EC863F0AD2EA9B163F4AB
         28.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1E86A1071D421459937CE67D802CCBFB7FAAC28C
         29.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E986729B236499770CEE999BEF748C6642227E52
         29.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\46AA93A4530A21E6F53368FCD456B0043587954B
         30.3s C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6Z2PHFJ\progress[1].htm
         30.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D0892627E05A436E377B6DA35ED3B21B2FB0B0F6
         30.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F1A0BB58BC03E2593113D7D24EE4C6E8DE01F1F0
         30.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\FF4143818E0E4948F51981B94B289A283ECACC88
         30.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2EA38ACAF688C12D27633DFE4626A9AD37C4B914
         30.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\FD502543C3301A3CC61DEF0DD7467B79B50BB511
         30.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E73EBD1E53DCDC8C7BA3F438304AE5844DAE8E29
         30.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E4D959A9B373CC5F26FA8F1BD9C7F8217329F70C
         30.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F8D4390A070426510AED08F14496DCE23AA479F0
         30.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8946710F239A8B22F3C1CCB4AE78C9A77AD2D430
         30.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\140EC4AE2908651C5C5AE9F0AFBD9541A1471E63
         30.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D88E21787749C91AF216E0417CE2B45394EFD782
         30.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EC4142C9DC01FE165BECB119355EADBDF2761A8F
         31.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A955B9D91A70E5C3785A4A4819B197ABBB24096A
         31.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0AE90BF776FEA9CAFAF12314F75F339EB11EBBF6
         31.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AA222A202F9FADEA3E5617D162F1F24C76663376
         31.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9F19089DD981DCE7D1B128F3321D09992AF83A60
         31.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EC83A40A778ABBD56D41F5030D5E83463B02B8CA
         31.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\48002F44620496CEBAB17FFD487A5A5B964E21B1
         31.6s C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B8FWYCG\progresspagead[1].htm
         31.7s C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6Z2PHFJ\Spielewelt[1].png
         31.8s C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTSLLA06\impression[1].htm
         32.0s C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2BQAHSB\pic[1].gif
         32.0s C:\Users\ich\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016040820160409\
         32.0s C:\Users\ich\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016040820160409\container.dat
         32.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2D58415701BA236D79EAA39196406545C27C433D

   C:\Users\ich\Downloads\MP4 Player - CHIP-Installer.exe -> Deleted
      Size . . . . . . . : 1.475.080 bytes
      Age  . . . . . . . : 1.9 days (2016-04-06 17:47:36)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : 935A7661489D0AA2DAC0307DA79F1FC2DD8CB34DEB30E5E08245E5346CB85480
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.efha
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -42.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\31AD563C9DA4E7FFE355778FBDACA029B95DE6AE
         -42.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F3BBA75651A336B930FFAE6689694B5CFCFEE53A
         -41.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6984799F58F5D0BC2B208AB4B4562928199B6A34
         -41.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F6A172F7D2C2B54D395AB97BEE04E029BB04BC01
         -41.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0103D22E8B9F5EB168D826303652E70BF409F757
         -38.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\873B90D013F736F0219D89B2C6F9A1EA936DA653
         -38.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E3ED2F3CB40BF50F4170D443F0AFE2E221C337F8
         -30.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9FFEE1EA288AC0078A37A5D966F8163CF1C23132
         -30.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\43FA650ACD8C2DC5EEF8842E6460365DFFFE241C
         -28.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\22920BAE2C2F752DB5071E9758DB7EC2242D4AEF
         -27.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CC99E2B725A40487B2B2E006A79505F77D0349CF
         -27.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F07C9D67791A8771C26D999BB9F4E3337790F5D4
         -26.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\071A615AF76DA37CB2F7BBFA98A99B07A1AADFB3
         -26.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\BAAE8C3079265D0CDE93A9A811C2B3B58DF0C927
         -26.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EA3012312DA69B27F9F60FA57362F63B94641B40
         -25.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\95D899A29A75087B211424E06EEB8632D84466A9
         -25.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2CCE0046C17C20E958DFB516A6734386CA4C82BE
         -25.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AE12BAB15ECA8911926C4E75D16EE4142F2A4F5B
         -23.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1D68B601C5724F01952DC2EA14613CAB92B00761
         -22.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1EE0A94B0F841913B6C61D6BDAC4AFE37F396707
         -22.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\495C5895CCEB2F13273F53249B8878E0E068D5C0
         -22.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8CFDE67B916C60CDDD1CAAA4DE0A92D2A7E3AE41
         -22.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\94EBD8AE2B4A80B3785CC414ECD6BD2E73A7401E
         -21.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F75EFF265308B091EEDC263E155839770A0CA280
         -14.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\36CF0D251A846C3D94E723FF7BE39B7FADF9F120
         -14.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\047A6F998A2DAA7BDB9CFFBA8C6C66F47AC79D04
         -13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\539F18489445C164A29FDD883AE8467244AD72D4
         -13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\333C513B00507662217562429262AD9457F538C6
         -12.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3FECAF8CE59C44C22E75A66E9C2A6A43CFFBB48C
         -12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\319DA61DCA761C39E15AB75034DAD72822DFA284
         -10.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C732E6A3C316E35228723C892A1517D4617156C9
         -10.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F7215CE413960EE33F16FF91D579B7C5E8B2CB80
         -9.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1F66F7091E38623409A1BBF3B4961FC109C90D34
         -9.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\037AEB18A9FDE3CAE478312085A865183743C8D7
         -9.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\914DBD76D2B9C3AD155EB99C656873AA6D9C334A
         -9.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\672071FEFE923C2813B8216EE48F5BD55343BFDD
         -8.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CC619B897380C03D95D2A7AB4A788029EB663ADA
         -8.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5CA50755980C9890B511FF446A9008CE84C83E0F
         -8.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\99F070E7D91483295163BAB48C57975C759F5F6D
         -8.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B788C29C28A0F4BF3BD3FE143D4F6CB8748ABFF2
         -8.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\273567881FD9E769A5C08EB76F84D647FC52B6B2
         -8.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A93BE71C31AC3B9A40768DA5B512E41C21A06BB9
         -8.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E2D6CF787634F1F797156B415371478FBE3FC7FC
         -8.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\06C156795D4A49FA4A8CF145DAC4A808B0CCF189
         -8.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3C2C0EE70575EB46FCE8F6ABAF8B8B795572E4C0
         -8.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8CB8E29C73505C289F126D64B8BB42FCB6E950D8
         -8.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\DF1BF23AA9A031B83B6D314203416611074A8D5A
         -8.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D03B35FCC2ADCC747A731D00FF029D81039B1C41
         -8.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D28432C7104ADF7F73E8A29969FBB4FE548AC34D
         -7.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2BD75B56646840475753350BE37EA751D1860810
         -7.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5C649B852794F4C0AE90289912D3B92E8ACF738E
         -7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0C671D968BD61C8D83D0A53137350D48AF0D1A18
         -7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\728345BBC9CD21AFA45212DC4DD3CAC102D3C135
         -7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6DB312F2D210D33B6F35D5DBAA76636A221A3A0B
         -7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\72E5CDA24EBB8CB71A76DD000D1ED28BF203DC82
         -7.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9D454BC753192809F048BEC012D5029C3B587B22
         -7.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5BCF34FCF9441DCF91EBA17EB2068D2A7360CCE9
         -7.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4CF3893C48A0F5C307418DA722D7EC589C6C7575
         -6.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\33F4ABB270063A7F771200A809175C7E002645F9
         -6.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\BD0AB8EC2D695D81F12AA11349F63B02E60A4B3D
         -6.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C24716804140E87BFD0023A301E60C8CE5ED7E72
         -6.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4E1EA335E00C2E628ED3CB4DB0EAA7A8DB51346E
         -6.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AB9CE004B144813D8433556C577506DB9D8BD515
         -5.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C1229EB569F906B39125AC6F5BF00098D8850185
         -5.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0D17D33ABB992BF2D29B45E342E6DF2C0EB71B7F
         -5.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CB850E98B7F86334D4798761A7DECAF3B537FB2C
         -4.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\ED62BABB950A8C6663DBE7A70D116EC13D5B2E8F
         -3.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\553B2A878963D632B5964C2661A4B716C71BC36C
         -2.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6372EF688F235BCB5D2ABA39EA6DE07C95BBA076
          0.0s C:\Users\ich\Downloads\MP4 Player - CHIP-Installer.exe
          0.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2FC63ED68979E3E6E562E71F6899C3BE26CE18F9
          4.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B1455F8EA89E3B8F006B69FD36A4FE9622C66578
          7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B8B20F9F99A4B7E587B7C135158CA851C8DB6D4A
          7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\7530F0DAF91DE94A2165432C0D28043BA2EA29E9
          7.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\79EDBB1BAB9CD8B6079FD16F80159B0306C6BB72
          7.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\123A607F3FF78DBAD42364534755AC090F55D89D
         10.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\69C5FF019B847B8CFDFD361B6673E3267D958207
         11.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\13A01791B8E1CCCDA2F81C321335B6BE1881F5FC
         11.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F1D3D5FA36A79794258AE3279487E8B0B13CB484
         11.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\85AC9674151F97BB88B1A98BB9B1281AF4E5415D
         11.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\709D73996C8256799E8D53435E78BC608F432F65
         11.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0B3D5188C0691B503B8CD17D5D5123E77A7A7A83
         11.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9240B85B03623F8CAA65E2FE2FC877DCBDA74750
         11.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E7BA79F39E10F860108186A3D3B0921F92C79C9D
         11.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\46B9A61FF4B72DD2CAC62034C15C13421C0DCF6A
         12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B52C05EF97F5033140BC7A75F9F11F57BF636B29
         12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1F03CF48085D955D8DCB8F289A66D0F74DDBA791
         12.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2ACCCE018F26E3F252D0E459A32AE7B3BD37443C
         12.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5B3659AFCCFF055A84D4EF392F3EE2D8EFD74560
         12.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\74CB5C6B51442A458597ED5B90F95DC771D18468
         12.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0B57D7AF4DF331284569D972FC07316E9732B405
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\740CA68CE705F41F996C5895E7C33829E3A57B55
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F2D5E3887A1F3BADE125E1BADE0BD73CD8CDA2C5
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\607641B22C094D02F9B16CCC975410C750C4EB72
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3EFDE4B7A1047440D8CEEB694D21947884F5943C
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\E1F7549BB1DF4E487F414D093C4F11C3FD98BC1D
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\002ACCB6C900489E6B0088E11D4F19E81E28FAAA
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\BB064B0B90FB7B73E53E5B29E70639E7279E33FC
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9D96E270CA82E5108DF9B6539C7F91F95D5664C8
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F07D2B3B000E87B42F228E908CD60A3E29C1822A
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\816592165B7307BBE88280C4DEC20866D62B4896
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\339375A03EB0B776C92DFEEA68C5C0FFD4457D0A
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\886D7767645153A65086F0DA9D3BBA2E013371DF
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\32B81B1D2885B2FB97507EDA13F218FFA3A3ED8B
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EF229667A2DB19A641DCB948A0A53C9EF68A390E
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B37F7CF6A8B7A70F14C0C91CC136C4411CB98A82
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8A309DAB4DB82420731DA6DBD1D7BA8719D91D77
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\FD2C6BAB9F5BA64BB962DBCEFC97A2B86407C550
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\758B79123783DB77B4AD599D496E068F909AD363
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AC02171233A70FCA0FBC2622DB357679FF8AA574
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9276CE65C1F1995C1A2D564EC6419F55C85A1071
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9131E452FE767AD8705DEEB420BF6952FBF24E57
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B110488C666D64DB518CDFBB2AF58589C966CF9A
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0C60D490DFF3F9BD1EF21A9876DBE3DAC941C4F9
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D211C198B7BAEDD653F587CCF45F0591609A7928
         12.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\332E5B8D3A693C43E24EDB49855344231C16DE2A
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AB438077662501F983E53D70BCBDB4B160023DB2
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2474E015B0222CA79D68B7A196BBD47BDE44BCCF
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C0C65AFD0426A7A8B3A27BDD524533E6743A4B86
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\00E6DE55914A9EBD183F1FAB8B997311D8009E4E
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9388C7AA1441EB5D920ED8DB69BE394576BB6908
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D1656F84D66698B1DFA9FAEC55C012C224AA43F8
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\345B0C14E2D4A7CF2067F725B4CED684A0EAB891
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8E2C8D920E56AA5CBB76985A0E7A321204B7A3E1
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\01AD8E0D912E08B53FC76F52473EE28BDA2946AE
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B21D2260735B189FCB79B35F8A2A67CC46ABC67B
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\CB495D0A90E2F394F1C6C85BECE947DEBA1A598C
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\58E63400CF4C418AAB14BDDDDF9486B161CCA288
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A7E93B3DF96B45795609FA73FB4D5DBC8AFCCA2C
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A379981306FD23DA6DD7DA02420583E7C51D8072
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0FFBF3651E6D84D354E74ABD307049640F5A5992
         12.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C3C41ECB57E3C78A352BE0739A119EA3BAF60A2B
         12.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EE41BE1B6E5F00963D93B26D4816C33E38ADFEF7
         12.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3A54404FA5E8032962CA5073FF5B0B3693E0A190
         12.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2CC85A44A11447B38CFE44F54B3F063A5D144C2B
         13.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\65C465B35333C955C6ED1C9A103CE7397263773C
         13.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5E8EC2DD32BA9AF1658A4461D4D05C6E42859CD2
         13.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4748B59776B6B9B718C5923EA18D1F03078A97F4
         13.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6B4F9A2EEE91AE3955073DD5E73B58CE23F37CDE
         13.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2AA88F629A81972A9BEDC596D7BB286FBD166A83
         13.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1BDF5A2FE786333ED5145F6F22A7A80C8115AAE7
         13.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A4C367D0114907F444FAF437878CCFFFAF9B8792
         13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\7D1E0EEEF169CEEB9ADAAA3D5DFA5E970C8EBEED
         13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\7D30C25BEB29D9448A1ADF2E7EC512C79D17AEE0
         13.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1B0EB3CB7F50F3AAD0E40938A9ACF39BF7500B48
         13.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F3A766C1BFD81BC246942E4BBE7E0DFC2F50D6CE
         14.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4CED22B9C8D1919E564B9F134CC264B8D724F6D7
         14.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1817FC0244962C7E19ADFAD6B0076F928AC3847C
         14.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0C0EEBED76E75E39C8929E4A0BD313A5EAABFC30
         14.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\422D3A1492824BB7C89E9BED2E88E9185EEC41EA
         14.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9107FAC4E1CE09627B9D92DCE5B9E5EA0B069C19
         14.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\DC75A45E8B8CBCEA693AFB2B86C00DF17FC54F6E
         14.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EA351842EA1D2BEF6C450100C71A6741BCB032E7
         14.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8A5CC51739ED26F97DE19D8B6D8B004BE4E057A4
         15.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\654D671DFCE7312656528F148CAE1A4CC0D42E10
         15.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4C95DAAB302902A4B043B306713E383F32B1A768
         15.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\193F6593C4D469C40E08654DDE7E94E7FC7AE432
         15.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B5117B39AB1C8C830904400073F6817B6F3B67EB
         15.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2B10D33A082524A2405C2CE718D23A8CEABF594F
         15.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F716AFC11FFC882EF61497E8EF40B93EB47241FE
         15.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D1B9753C5A00006F10FBF36613C90144B6386D6A
         16.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A4349618D22DBFBB73249CCE8B1213E0B5CAEFE0
         16.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\7443F44D28550F332CC22D04A6438F4F64BF839E
         16.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\B3D911ACDA71A67151AAEAF0B1CD789D966FA75D
         16.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\EB05C179771EFF74173E663D97DE004C3DB60253
         16.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6A1914CCF2AD825F35D6FC373983FEA3EAFA1900
         17.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\BA2C39BF93DD57B0748B396F4D8BC63D3C9D9BFD
         17.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9E642915AE346A4ABB7C053B061422832530DF71
         17.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\FB421DDECF21A0EAE3C06C1C5A4C03FC49645210
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\6FFF82C19FB5110A4ACBB1749EF5BE490B67DC86
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\42A29D32235391781DEFBD882D886C0FDE2E077F
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AC8F071F56237863E7EA706BE6252ADD439DF110
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1278AEBB90CD7C050A3CB8398FBA7E84D506087A
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0EA3BBF1219F980482B0D12A60C555EA38113BC4
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1FDFD098DC0D77EEC1148CACEB084FC2E5B7F5C9
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\BDC4734A593167E9D2A5CF0934D686232A36F459
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\552601BEA5CA672DA0DF11A55410D6693D462C7D
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\ADD46E980EB826CC1DEEC3DE9F2F29934DE7D4C4
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\ACB49DDE76A830B297EE999762249809B0E6CB38
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4B8260BEE672CD0DE051B41BF7BF6D3AB497C71D
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\0DA73768D51BE12218C0FF72E781D5089A094CE4
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\DBBD8FDF8387927B9868E45A969E5478C487FF1C
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\287ADD10B5C445F9AF66DB2E222396CBDAA3B919
         17.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\37E5C3357B0869D1DAB1F04C5A108B8A78D9C52D
         17.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\055A8C8CA5FB76E1A1E6B510656FC105243F3846
         18.0s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\52092758E8C995B5609755DB7D1F277B1255D2C9
         18.2s C:\Users\ich\AppData\Local\Temp\DMR\
         18.2s C:\Users\ich\AppData\Local\Temp\DMR\dmr_72.exe
         18.2s C:\Users\ich\AppData\Local\Temp\DMR\hjazfuixhkjcngxj.dat
         18.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9F55F2568C269C2927A6054D13FDB43B763C8F5E
         18.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\DA7984F8D2D931040EBEE8E9FA11DB0340A889DB
         18.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\1EA2DB366F639A7AB1C6E58E23AF479759C6F2D2
         18.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4CE31DAD90F2FAA2E0662267CE0A121B7D023634
         18.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5516D20603A1FFC395286164F87ED30284636CBF
         19.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\A5F2FE2610711B64B13FED3E5A71B6DAA3813063
         19.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5D2612757AD73F0B2D712526F9D34A501A27E072
         19.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\C0336F2D7B89E76B1CA509C9BDFB70D9CF91105F
         19.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\4AD67CFB92DF3612EAE34F717135E0EAC0015ED9
         19.7s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\5B8AB7D38D3D4BA07F70C57E41F938BBF4BB3450
         19.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\03CF5A58189C3F150ABC8CD4395E99CB0189B15D
         20.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\D7B2438157041D9540BB582B09AA8B98D8AB7C78
         20.5s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\F2A27C3EF6B76AA94D3AB3E117CDDAFD4B585C66
         20.9s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\3F174392665636D92C3A4EE7B4B49BD57F0F1E07
         21.2s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\16FB5A8655FF940F4CE72FD05524BB3F5A1277DF
         22.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\38A1935C52C3A2A1BB56B4EEC30ADC38882C579A
         22.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\FD950F1C5E88DFF83052124BC36E4F92D5E033F4
         22.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\9675F85A82FD6CA0669592AEA54E8A2A8717D2C3
         22.4s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\AA057E4038209E3DEBD7187A1194C4F5ABBF65F5
         23.1s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\189CF80900FCCFE8E0582E76825E8EF312444646
         23.6s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\8DDFD8537BEBFB5F749A3CC1244647213267CEED
         23.8s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\2E951E2DFA6D793BA3CDF824229EB175EFC1E727
         24.3s C:\Users\ich\AppData\Local\Mozilla\Firefox\Profiles\dqas6wsy.default\cache2\entries\11C50085C2B9CE344F029B355C7F5FC849080168


Suspicious files ____________________________________________________________

   C:\Users\ich\AppData\Local\Amazon Music\Amazon Music Helper.exe -> Deleted
      Size . . . . . . . : 5.895.968 bytes
      Age  . . . . . . . : 623.7 days (2014-07-24 21:47:20)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 6448199A62FCC9A6F9EA2F90627859F46D004B510D8C75BA57B836CFC51020A8
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\explorer.exe
      Authenticode . . . : Self-signed
      Running processes  : 2168
      Fuzzy  . . . . . . : 24.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-2626116637-620421503-1091596990-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Music
      Network Ports
         127.0.0.1:18800	


Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\MP4 Player\ (IveFound) -> Deleted
   C:\Program Files (x86)\MP4 Player\prog_ico.ico (IveFound) -> Deleted
   C:\Program Files (x86)\MP4 Player\swk.ini (IveFound) -> Deleted
   C:\Program Files (x86)\MP4 Player\uninst.exe (IveFound) -> Deleted
      Size . . . . . . . : 206.243 bytes
      Age  . . . . . . . : 1.9 days (2016-04-06 17:48:55)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 97CF6C16A5ABDD183A9509FD894F357AF44AAC482F3BB25AB031D1B3909214EC
      Fuzzy  . . . . . . : 2.0
      Forensic Cluster
         -1.3s C:\Program Files (x86)\MP4 Player\
         -0.3s C:\Program Files (x86)\MP4 Player\prog_ico.ico
         -0.2s C:\Program Files (x86)\MP4 Player\Mp4Player.exe
         -0.2s C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player\
         -0.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\
         -0.0s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\MP4 Player .lnk
          0.0s C:\Program Files (x86)\MP4 Player\uninst.exe
          1.0s C:\Users\ich\AppData\Local\Temp\htmpl.htm
          4.8s C:\Program Files (x86)\MP4 Player\swk.ini
          4.8s C:\Users\ich\AppData\Roaming\swk.ini

   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\ (IveFound) -> Deleted
   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP4 Player\MP4 Player .lnk (IveFound) -> PendingDelete
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP4 Player\ (IveFound) -> Deleted
   HKLM\SOFTWARE\Classes\mp4player.file\ (IveFound) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mp4Player.exe\ (IveFound) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\mp4Player.exe\ (IveFound) -> PendingDelete
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MP4 Player\ (IveFound) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\0XX57D9C.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\1MH4BGKH.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\1XC1GEBZ.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\1ZP077M1.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\41YIJH9G.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\7Q1M1Z0H.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\DN7BLJSP.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\JKOD0HLJ.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\KI0W86CM.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\R5716L9D.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\WNU84GSE.txt
   C:\Users\ich\AppData\Roaming\Microsoft\Windows\Cookies\WPDE4DLV.txt
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:1037440627.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:1415405575.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:153810908.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:177626932.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:1916610717.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:1und1internetag.d3.sc.omtrdc.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:2090121583.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:2168080036.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:2565631388.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:2730640596.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:2763780847.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:3261330203.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:3587111999.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:3732561580.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:4629021.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:554321284.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:66172283.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:73492418.log.optimizely.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:abmr.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:acuityplatform.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad.360yield.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad.adnet.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad.mainpost.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad.zanox.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad1.adfarm1.adition.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad2.adfarm1.adition.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad2.cdns.turn.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad3.adfarm1.adition.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad4.adfarm1.adition.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ad9.adfarm1.adition.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adadvisor.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adaptv.advertising.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adbrn.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:addthis.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adfarm1.adition.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adform.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adformdsp.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adgrx.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adhigh.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:admized.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adnxs.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.avocet.io
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.betweendigital.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.brandwire.tv
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.chargeads.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.kiosked.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.linkedin.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.p161.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.programattik.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.reviveadtag.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.smartstream.tv
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.stickyadstv.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.tracking.justpremium.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ads.travelaudience.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adsby.bidtheatre.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adscale.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adscience.nl
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adserver.doccheck.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adserver.skiresort-service.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adsrvr.org
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adsymptotic.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adtech.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adtechus.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:adultfriendfinder.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:advertising.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:agkn.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:at.atwola.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:atdmt.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:atemda.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:audienceiq.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:basebanner.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:bidr.io
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:bidswitch.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:bizrate.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:bluekai.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:burstnet.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:c.appier.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:c1.adform.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:casalemedia.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:cdn.turn.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:chango.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:classicindustries.112.2o7.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:community.xxxlshop.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:connexity.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:contextweb.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:crwdcntrl.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ctnsnet.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:cxense.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:dco.w55c.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:de.sitestat.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:de17a.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:demdex.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:des.smartclip.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:deutschepostag.112.2o7.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:dmp.adform.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:dmtry.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:dotomi.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:doubleclick.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:dpclk.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:dpm.demdex.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:emjcd.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:erne.co
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:everesttech.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:eyeviewads.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ezakus.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:fastclick.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:flashtalking.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:go.flx1.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:go.sonobi.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:gssprt.jp
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:gwallet.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ibeu2.mookie1.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ibillboard.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ih.adscale.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:immoweltag.d3.sc.omtrdc.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:imrworldwide.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:in.getclicky.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ipredictive.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:krxd.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:legolas-media.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:lijit.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:linksynergy.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ltur.112.2o7.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:m6r.eu
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:match.rundsp.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:mathtag.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:mediaplex.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:metrigo.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ml314.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:mmstat.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:mookie1.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:mxptint.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:nexac.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:omtrdc.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:openx.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:optimatic.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:outbrain.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:owneriq.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ox-d.ebayde.servedbyopenx.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ox-d.ebaydeb.servedbyopenx.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ox-d.futurenet.servedbyopenx.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ox-d.kleinanzeigen.servedbyopenx.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:paypal.d1.sc.omtrdc.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:pixel.rubiconproject.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:pixel.sitescout.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:pool.admedo.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:pubmatic.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:relestar.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:revsci.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:rfihub.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:rhythmxchange.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:rlcdn.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:rtbidder.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ru4.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:rubiconproject.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:rvty.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:scorecardresearch.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:server.adformdsp.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:servesharp.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:serving-sys.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:simpli.fi
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:sitescout.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:skimresources.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:smartadserver.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:statcounter.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:stats.deka.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:stats.paypal.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:swid.switchads.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:sxp.smartclip.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:taboola.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tap-t.rubiconproject.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tap.rubiconproject.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tap2-cdn.rubiconproject.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tapad.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ticketmaster.122.2o7.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tidaltv.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:track.adform.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:trc.taboola.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tremorhub.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:triggit.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:tubemogul.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:turn.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:univide.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:vfde.demdex.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:vindicosuite.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:virool.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:visualdna.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:w55c.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:wdh.d3.sc.omtrdc.net
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:wtp101.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:ww400.smartadserver.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:www.etracker.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:www.googleadservices.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:www.xxxlshop.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:xiti.com
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:xxxlshop.de
   C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\dqas6wsy.default\cookies.sqlite:yieldlab.net

deeprybka · 12.04.2016, 22:43

Schritt 1
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

zeuss · 13.04.2016, 09:20

Code:

ATTFilter

10:13:52.0213 0x0f00  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
10:15:33.0756 0x0f00  ============================================================
10:15:33.0756 0x0f00  Current date / time: 2016/04/13 10:15:33.0756
10:15:33.0756 0x0f00  SystemInfo:
10:15:33.0756 0x0f00  
10:15:33.0756 0x0f00  OS Version: 6.1.7601 ServicePack: 1.0
10:15:33.0756 0x0f00  Product type: Workstation
10:15:33.0757 0x0f00  ComputerName: ICH-PC
10:15:33.0757 0x0f00  UserName: ich
10:15:33.0757 0x0f00  Windows directory: C:\Windows
10:15:33.0757 0x0f00  System windows directory: C:\Windows
10:15:33.0757 0x0f00  Running under WOW64
10:15:33.0757 0x0f00  Processor architecture: Intel x64
10:15:33.0757 0x0f00  Number of processors: 4
10:15:33.0757 0x0f00  Page size: 0x1000
10:15:33.0757 0x0f00  Boot type: Normal boot
10:15:33.0757 0x0f00  ============================================================
10:15:34.0034 0x0f00  KLMD registered as C:\Windows\system32\drivers\78753414.sys
10:15:34.0227 0x0f00  System UUID: {39F6E72D-08AC-6C0D-7CFD-FE2F720105E7}
10:15:34.0808 0x0f00  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8000000 ( 698.63 Gb ), SectorSize: 0x200, Cylinders: 0x540B8, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000048
10:15:34.0809 0x0f00  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
10:15:34.0829 0x0f00  ============================================================
10:15:34.0829 0x0f00  \Device\Harddisk0\DR0:
10:15:34.0829 0x0f00  MBR partitions:
10:15:34.0829 0x0f00  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:15:34.0829 0x0f00  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5750D000
10:15:34.0829 0x0f00  \Device\Harddisk1\DR1:
10:15:34.0830 0x0f00  MBR partitions:
10:15:34.0830 0x0f00  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C3D81
10:15:34.0830 0x0f00  ============================================================
10:15:34.0834 0x0f00  C: <-> \Device\Harddisk1\DR1\Partition1
10:15:34.0846 0x0f00  F: <-> \Device\Harddisk0\DR0\Partition1
10:15:34.0864 0x0f00  L: <-> \Device\Harddisk0\DR0\Partition2
10:15:34.0864 0x0f00  ============================================================
10:15:34.0864 0x0f00  Initialize success
10:15:34.0865 0x0f00  ============================================================
10:16:48.0989 0x0bfc  ============================================================
10:16:48.0989 0x0bfc  Scan started
10:16:48.0989 0x0bfc  Mode: Manual; SigCheck; TDLFS; 
10:16:48.0989 0x0bfc  ============================================================
10:16:48.0989 0x0bfc  KSN ping started
10:16:51.0364 0x0bfc  KSN ping finished: true
10:16:51.0661 0x0bfc  ================ Scan system memory ========================
10:16:51.0661 0x0bfc  System memory - ok
10:16:51.0661 0x0bfc  ================ Scan services =============================
10:16:51.0723 0x0bfc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:16:51.0817 0x0bfc  1394ohci - ok
10:16:51.0848 0x0bfc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:16:51.0879 0x0bfc  ACPI - ok
10:16:51.0879 0x0bfc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:16:51.0926 0x0bfc  AcpiPmi - ok
10:16:51.0942 0x0bfc  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:16:51.0989 0x0bfc  AdobeARMservice - ok
10:16:52.0020 0x0bfc  [ 28FFB14117CCEDD7D2F124596AA9B785, 8FC482C6444C904B5536979B3354597FD714634EC7372B464118C42AA9DCB58A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:16:52.0067 0x0bfc  AdobeFlashPlayerUpdateSvc - ok
10:16:52.0098 0x0bfc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:16:52.0161 0x0bfc  adp94xx - ok
10:16:52.0176 0x0bfc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:16:52.0239 0x0bfc  adpahci - ok
10:16:52.0254 0x0bfc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:16:52.0286 0x0bfc  adpu320 - ok
10:16:52.0301 0x0bfc  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:16:52.0333 0x0bfc  AeLookupSvc - ok
10:16:52.0348 0x0bfc  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
10:16:52.0395 0x0bfc  AFD - ok
10:16:52.0411 0x0bfc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
10:16:52.0426 0x0bfc  agp440 - ok
10:16:52.0442 0x0bfc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
10:16:52.0473 0x0bfc  ALG - ok
10:16:52.0473 0x0bfc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:16:52.0504 0x0bfc  aliide - ok
10:16:52.0520 0x0bfc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:16:52.0551 0x0bfc  amdide - ok
10:16:52.0567 0x0bfc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:16:52.0614 0x0bfc  AmdK8 - ok
10:16:52.0629 0x0bfc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:16:52.0661 0x0bfc  AmdPPM - ok
10:16:52.0676 0x0bfc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:16:52.0708 0x0bfc  amdsata - ok
10:16:52.0739 0x0bfc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:16:52.0786 0x0bfc  amdsbs - ok
10:16:52.0786 0x0bfc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:16:52.0833 0x0bfc  amdxata - ok
10:16:52.0864 0x0bfc  [ 37CD9EB03B36D8329F96BA921470DB54, 0CD3BFBA51F84D83E3B208D2BED7CE8E91B447B2037014663EC7CB8E5A925201 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
10:16:52.0989 0x0bfc  AntiVirMailService - ok
10:16:53.0004 0x0bfc  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:16:53.0067 0x0bfc  AntiVirSchedulerService - ok
10:16:53.0098 0x0bfc  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:16:53.0161 0x0bfc  AntiVirService - ok
10:16:53.0208 0x0bfc  [ 1F5CC3C23E10290A3FF9CAA74AA30D07, A4F1F3465A5E0A914EE5A4FEF4A6B639956BA04B7145EF68820BC2A15DEE4162 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
10:16:53.0317 0x0bfc  AntiVirWebService - ok
10:16:53.0333 0x0bfc  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
10:16:53.0379 0x0bfc  AppID - ok
10:16:53.0379 0x0bfc  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:16:53.0411 0x0bfc  AppIDSvc - ok
10:16:53.0426 0x0bfc  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
10:16:53.0442 0x0bfc  Appinfo - ok
10:16:53.0458 0x0bfc  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:16:53.0504 0x0bfc  AppMgmt - ok
10:16:53.0504 0x0bfc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:16:53.0551 0x0bfc  arc - ok
10:16:53.0567 0x0bfc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:16:53.0614 0x0bfc  arcsas - ok
10:16:53.0645 0x0bfc  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:16:53.0692 0x0bfc  aspnet_state - ok
10:16:53.0692 0x0bfc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:16:53.0786 0x0bfc  AsyncMac - ok
10:16:53.0801 0x0bfc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:16:53.0817 0x0bfc  atapi - ok
10:16:53.0848 0x0bfc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:16:53.0911 0x0bfc  AudioEndpointBuilder - ok
10:16:53.0942 0x0bfc  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:16:53.0989 0x0bfc  AudioSrv - ok
10:16:54.0004 0x0bfc  [ 742D578C28F6F58B8B576F91A1D8EB4E, 6C49EC198E67CE40728F0C19CB2BDCB59310BA59324F58E4D456DA2C8CC28BA6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:16:54.0051 0x0bfc  avgntflt - ok
10:16:54.0067 0x0bfc  [ FBC2483AD62FBC8BD76A4254C50874BA, 04398AB0221535DD5D0A1AF6CA107F815CD607E668E2E7887D061FCED7373728 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:16:54.0114 0x0bfc  avipbb - ok
10:16:54.0129 0x0bfc  [ 98BB62ABFD17F284C3C5DE40F8266F3C, CD08C737BE9FC32FF98252FCFFCAE779EC6FAB76BF80F0835ACE71F1E155D70D ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
10:16:54.0176 0x0bfc  Avira.ServiceHost - ok
10:16:54.0192 0x0bfc  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:16:54.0239 0x0bfc  avkmgr - ok
10:16:54.0239 0x0bfc  [ CE7793573FA4E70033D907DD919FF648, 3785CB15F95DAEA28ADE80A911C58D092499A116761AF9C8356ED0F2D19130E8 ] avmident        C:\Program Files (x86)\FRITZ!Box-Kindersicherung\avmident.exe
10:16:54.0270 0x0bfc  avmident - detected UnsignedFile.Multi.Generic ( 1 )
10:16:55.0989 0x13c8  Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService
10:16:56.0629 0x0bfc  Detect skipped due to KSN trusted
10:16:56.0629 0x0bfc  avmident - ok
10:16:56.0645 0x0bfc  [ 7FDC860B34BDFFDFCE98622F81F24FA9, 3EF774A7F2EB741633611400161B6D4F642F9357BF6E957E14E70D1645BE6466 ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
10:16:56.0676 0x0bfc  avnetflt - ok
10:16:56.0692 0x0bfc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:16:56.0723 0x0bfc  AxInstSV - ok
10:16:56.0754 0x0bfc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
10:16:56.0817 0x0bfc  b06bdrv - ok
10:16:56.0848 0x0bfc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:16:56.0895 0x0bfc  b57nd60a - ok
10:16:56.0911 0x0bfc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:16:56.0942 0x0bfc  BDESVC - ok
10:16:56.0942 0x0bfc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:16:57.0004 0x0bfc  Beep - ok
10:16:57.0036 0x0bfc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
10:16:57.0098 0x0bfc  BFE - ok
10:16:57.0129 0x0bfc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
10:16:57.0270 0x0bfc  BITS - ok
10:16:57.0270 0x0bfc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:16:57.0317 0x0bfc  blbdrive - ok
10:16:57.0333 0x0bfc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:16:57.0364 0x0bfc  bowser - ok
10:16:57.0364 0x0bfc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:16:57.0411 0x0bfc  BrFiltLo - ok
10:16:57.0426 0x0bfc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:16:57.0473 0x0bfc  BrFiltUp - ok
10:16:57.0473 0x0bfc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
10:16:57.0504 0x0bfc  Browser - ok
10:16:57.0536 0x0bfc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:16:57.0598 0x0bfc  Brserid - ok
10:16:57.0598 0x0bfc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:16:57.0645 0x0bfc  BrSerWdm - ok
10:16:57.0661 0x0bfc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:16:57.0692 0x0bfc  BrUsbMdm - ok
10:16:57.0708 0x0bfc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:16:57.0739 0x0bfc  BrUsbSer - ok
10:16:57.0754 0x0bfc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:16:57.0801 0x0bfc  BTHMODEM - ok
10:16:57.0817 0x0bfc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
10:16:57.0864 0x0bfc  bthserv - ok
10:16:57.0879 0x0bfc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:16:57.0942 0x0bfc  cdfs - ok
10:16:57.0958 0x0bfc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:16:57.0989 0x0bfc  cdrom - ok
10:16:57.0989 0x0bfc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:16:58.0051 0x0bfc  CertPropSvc - ok
10:16:58.0051 0x0bfc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:16:58.0098 0x0bfc  circlass - ok
10:16:58.0129 0x0bfc  [ ED81E81752CA817AFA740C14AD05BC6C, 9E4B04D4604B96866B3ED18433914BF7ECF3F746CDB34ED856FFC418AAB3C04F ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
10:16:58.0192 0x0bfc  cjpcsc - ok
10:16:58.0208 0x0bfc  [ 06E1F5228399FC49A8D026DA38DB6784, 5554071E5C55FC7EF3C7C95F0BC565509C3F0C03E0814C98376932A9D1C32AA6 ] cjusb           C:\Windows\system32\DRIVERS\cjusb.sys
10:16:58.0239 0x0bfc  cjusb - ok
10:16:58.0270 0x0bfc  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
10:16:58.0301 0x0bfc  CLFS - ok
10:16:58.0317 0x0bfc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:16:58.0348 0x0bfc  clr_optimization_v2.0.50727_32 - ok
10:16:58.0364 0x0bfc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:16:58.0379 0x0bfc  clr_optimization_v2.0.50727_64 - ok
10:16:58.0395 0x0bfc  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:16:58.0458 0x0bfc  clr_optimization_v4.0.30319_32 - ok
10:16:58.0458 0x13c8  Object send P2P result: true
10:16:58.0473 0x0bfc  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:16:58.0520 0x0bfc  clr_optimization_v4.0.30319_64 - ok
10:16:58.0536 0x0bfc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:16:58.0567 0x0bfc  CmBatt - ok
10:16:58.0583 0x0bfc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:16:58.0614 0x0bfc  cmdide - ok
10:16:58.0645 0x0bfc  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
10:16:58.0692 0x0bfc  CNG - ok
10:16:58.0692 0x0bfc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:16:58.0739 0x0bfc  Compbatt - ok
10:16:58.0754 0x0bfc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:16:58.0786 0x0bfc  CompositeBus - ok
10:16:58.0786 0x0bfc  COMSysApp - ok
10:16:58.0801 0x0bfc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:16:58.0848 0x0bfc  crcdisk - ok
10:16:58.0864 0x0bfc  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:16:58.0895 0x0bfc  CryptSvc - ok
10:16:58.0926 0x0bfc  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
10:16:58.0973 0x0bfc  CSC - ok
10:16:59.0004 0x0bfc  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
10:16:59.0051 0x0bfc  CscService - ok
10:16:59.0083 0x0bfc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:16:59.0161 0x0bfc  DcomLaunch - ok
10:16:59.0176 0x0bfc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
10:16:59.0254 0x0bfc  defragsvc - ok
10:16:59.0270 0x0bfc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:16:59.0317 0x0bfc  DfsC - ok
10:16:59.0333 0x0bfc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:16:59.0379 0x0bfc  Dhcp - ok
10:16:59.0442 0x0bfc  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
10:16:59.0520 0x0bfc  DiagTrack - ok
10:16:59.0536 0x0bfc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
10:16:59.0598 0x0bfc  discache - ok
10:16:59.0598 0x0bfc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:16:59.0629 0x0bfc  Disk - ok
10:16:59.0645 0x0bfc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:16:59.0676 0x0bfc  Dnscache - ok
10:16:59.0692 0x0bfc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:16:59.0770 0x0bfc  dot3svc - ok
10:16:59.0786 0x0bfc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
10:16:59.0833 0x0bfc  DPS - ok
10:16:59.0848 0x0bfc  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:16:59.0864 0x0bfc  drmkaud - ok
10:16:59.0911 0x0bfc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:16:59.0973 0x0bfc  DXGKrnl - ok
10:16:59.0989 0x0bfc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
10:17:00.0036 0x0bfc  EapHost - ok
10:17:00.0161 0x0bfc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:17:00.0348 0x0bfc  ebdrv - ok
10:17:00.0364 0x0bfc  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] EFS             C:\Windows\System32\lsass.exe
10:17:00.0395 0x0bfc  EFS - ok
10:17:00.0411 0x0bfc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:17:00.0489 0x0bfc  elxstor - ok
10:17:00.0489 0x0bfc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:17:00.0520 0x0bfc  ErrDev - ok
10:17:00.0551 0x0bfc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
10:17:00.0614 0x0bfc  EventSystem - ok
10:17:00.0645 0x0bfc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:17:00.0708 0x0bfc  exfat - ok
10:17:00.0723 0x0bfc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:17:00.0786 0x0bfc  fastfat - ok
10:17:00.0817 0x0bfc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
10:17:00.0864 0x0bfc  Fax - ok
10:17:00.0879 0x0bfc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:17:00.0926 0x0bfc  fdc - ok
10:17:00.0926 0x0bfc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
10:17:00.0989 0x0bfc  fdPHost - ok
10:17:00.0989 0x0bfc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:17:01.0051 0x0bfc  FDResPub - ok
10:17:01.0051 0x0bfc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:17:01.0083 0x0bfc  FileInfo - ok
10:17:01.0098 0x0bfc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:17:01.0145 0x0bfc  Filetrace - ok
10:17:01.0161 0x0bfc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:17:01.0192 0x0bfc  flpydisk - ok
10:17:01.0208 0x0bfc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:17:01.0254 0x0bfc  FltMgr - ok
10:17:01.0301 0x0bfc  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
10:17:01.0379 0x0bfc  FontCache - ok
10:17:01.0395 0x0bfc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:17:01.0411 0x0bfc  FontCache3.0.0.0 - ok
10:17:01.0426 0x0bfc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:17:01.0442 0x0bfc  FsDepends - ok
10:17:01.0458 0x0bfc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:17:01.0473 0x0bfc  Fs_Rec - ok
10:17:01.0489 0x0bfc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:17:01.0536 0x0bfc  fvevol - ok
10:17:01.0536 0x0bfc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:17:01.0583 0x0bfc  gagp30kx - ok
10:17:01.0629 0x0bfc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:17:01.0723 0x0bfc  gpsvc - ok
10:17:01.0723 0x0bfc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:17:01.0770 0x0bfc  hcw85cir - ok
10:17:01.0801 0x0bfc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:17:01.0848 0x0bfc  HdAudAddService - ok
10:17:01.0848 0x0bfc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:17:01.0879 0x0bfc  HDAudBus - ok
10:17:01.0895 0x0bfc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:17:01.0942 0x0bfc  HidBatt - ok
10:17:01.0942 0x0bfc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:17:01.0989 0x0bfc  HidBth - ok
10:17:02.0004 0x0bfc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:17:02.0051 0x0bfc  HidIr - ok
10:17:02.0051 0x0bfc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
10:17:02.0114 0x0bfc  hidserv - ok
10:17:02.0114 0x0bfc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:17:02.0145 0x0bfc  HidUsb - ok
10:17:02.0145 0x0bfc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:17:02.0208 0x0bfc  hkmsvc - ok
10:17:02.0223 0x0bfc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:17:02.0270 0x0bfc  HomeGroupListener - ok
10:17:02.0286 0x0bfc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:17:02.0317 0x0bfc  HomeGroupProvider - ok
10:17:02.0333 0x0bfc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:17:02.0379 0x0bfc  HpSAMD - ok
10:17:02.0411 0x0bfc  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:17:02.0473 0x0bfc  HTTP - ok
10:17:02.0489 0x0bfc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:17:02.0504 0x0bfc  hwpolicy - ok
10:17:02.0520 0x0bfc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:17:02.0536 0x0bfc  i8042prt - ok
10:17:02.0567 0x0bfc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:17:02.0614 0x0bfc  iaStorV - ok
10:17:02.0661 0x0bfc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:17:02.0723 0x0bfc  idsvc - ok
10:17:02.0723 0x0bfc  IEEtwCollectorService - ok
10:17:02.0739 0x0bfc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:17:02.0786 0x0bfc  iirsp - ok
10:17:02.0817 0x0bfc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
10:17:02.0879 0x0bfc  IKEEXT - ok
10:17:02.0895 0x0bfc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:17:02.0942 0x0bfc  intelide - ok
10:17:02.0942 0x0bfc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:17:02.0989 0x0bfc  intelppm - ok
10:17:03.0004 0x0bfc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:17:03.0067 0x0bfc  IPBusEnum - ok
10:17:03.0067 0x0bfc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:17:03.0129 0x0bfc  IpFilterDriver - ok
10:17:03.0161 0x0bfc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:17:03.0208 0x0bfc  iphlpsvc - ok
10:17:03.0223 0x0bfc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:17:03.0270 0x0bfc  IPMIDRV - ok
10:17:03.0270 0x0bfc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:17:03.0333 0x0bfc  IPNAT - ok
10:17:03.0348 0x0bfc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:17:03.0379 0x0bfc  IRENUM - ok
10:17:03.0395 0x0bfc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:17:03.0411 0x0bfc  isapnp - ok
10:17:03.0426 0x0bfc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:17:03.0458 0x0bfc  iScsiPrt - ok
10:17:03.0489 0x0bfc  [ C2F9BE83DB87B30DA2B52EEB1DAEE1CE, 852F0A7833A0DFF5B6F69928B30241E6F99EAD00D3CEC1467873AB33F1D6F8FB ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
10:17:03.0504 0x0bfc  JRAID - ok
10:17:03.0520 0x0bfc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:17:03.0536 0x0bfc  kbdclass - ok
10:17:03.0551 0x0bfc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:17:03.0567 0x0bfc  kbdhid - ok
10:17:03.0583 0x0bfc  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] KeyIso          C:\Windows\system32\lsass.exe
10:17:03.0598 0x0bfc  KeyIso - ok
10:17:03.0614 0x0bfc  [ 211A379BAAB812A7B437319BD85B2435, 4C8B82817B735BEFC0C8E2A42C7EF547D1C179561D3C97B3067B5EA3408F9E4D ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:17:03.0645 0x0bfc  KSecDD - ok
10:17:03.0661 0x0bfc  [ CC1B3B52F33CBC1CE60867DA4E23537C, A373DBCE6A53B77F59D9C83E243E5C1A2B4C38571CA28198229730D612561978 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:17:03.0676 0x0bfc  KSecPkg - ok
10:17:03.0692 0x0bfc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:17:03.0739 0x0bfc  ksthunk - ok
10:17:03.0770 0x0bfc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:17:03.0833 0x0bfc  KtmRm - ok
10:17:03.0848 0x0bfc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:17:03.0911 0x0bfc  LanmanServer - ok
10:17:03.0926 0x0bfc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:17:03.0989 0x0bfc  LanmanWorkstation - ok
10:17:04.0004 0x0bfc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:17:04.0067 0x0bfc  lltdio - ok
10:17:04.0083 0x0bfc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:17:04.0145 0x0bfc  lltdsvc - ok
10:17:04.0161 0x0bfc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:17:04.0223 0x0bfc  lmhosts - ok
10:17:04.0239 0x0bfc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:17:04.0286 0x0bfc  LSI_FC - ok
10:17:04.0301 0x0bfc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:17:04.0333 0x0bfc  LSI_SAS - ok
10:17:04.0348 0x0bfc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:17:04.0395 0x0bfc  LSI_SAS2 - ok
10:17:04.0411 0x0bfc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:17:04.0458 0x0bfc  LSI_SCSI - ok
10:17:04.0458 0x0bfc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:17:04.0520 0x0bfc  luafv - ok
10:17:04.0536 0x0bfc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:17:04.0567 0x0bfc  megasas - ok
10:17:04.0583 0x0bfc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:17:04.0645 0x0bfc  MegaSR - ok
10:17:04.0645 0x0bfc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:17:04.0708 0x0bfc  MMCSS - ok
10:17:04.0723 0x0bfc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:17:04.0770 0x0bfc  Modem - ok
10:17:04.0786 0x0bfc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:17:04.0833 0x0bfc  monitor - ok
10:17:04.0833 0x0bfc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:17:04.0864 0x0bfc  mouclass - ok
10:17:04.0864 0x0bfc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:17:04.0895 0x0bfc  mouhid - ok
10:17:04.0911 0x0bfc  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:17:04.0926 0x0bfc  mountmgr - ok
10:17:04.0942 0x0bfc  [ 63282F5EB7E5BFB58FD1EC93C6ADB457, 25096C4AE319E854153C75DCEC0A67A63F6B05FDD0B49D4D373724B3BF55D665 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:17:04.0989 0x0bfc  MozillaMaintenance - ok
10:17:05.0004 0x0bfc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:17:05.0036 0x0bfc  mpio - ok
10:17:05.0051 0x0bfc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:17:05.0098 0x0bfc  mpsdrv - ok
10:17:05.0145 0x0bfc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:17:05.0223 0x0bfc  MpsSvc - ok
10:17:05.0254 0x0bfc  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:17:05.0286 0x0bfc  MRxDAV - ok
10:17:05.0301 0x0bfc  [ 07F8F6B0CAEC7ADD30EBD94940A315D7, 288429A146B74E88D93C5BC19D878A42AC6F411EE31D9A6D36A2A2FFCF7B9436 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:17:05.0333 0x0bfc  mrxsmb - ok
10:17:05.0348 0x0bfc  [ 8856E45D23BFF4D977BF06D0543BCD96, 0066C061A3516A16C2477590859865E46E522A290CCE17C3EC1B69F81E466E9E ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:17:05.0395 0x0bfc  mrxsmb10 - ok
10:17:05.0395 0x0bfc  [ 8D383CED28332B5F3894658857472F47, CB3872543D08C6432CF884C11A5897637A6FC7E9AC40F424444BAAA49C9FC32A ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:17:05.0426 0x0bfc  mrxsmb20 - ok
10:17:05.0442 0x0bfc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:17:05.0473 0x0bfc  msahci - ok
10:17:05.0489 0x0bfc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:17:05.0520 0x0bfc  msdsm - ok
10:17:05.0536 0x0bfc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:17:05.0567 0x0bfc  MSDTC - ok
10:17:05.0583 0x0bfc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:17:05.0645 0x0bfc  Msfs - ok
10:17:05.0645 0x0bfc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:17:05.0708 0x0bfc  mshidkmdf - ok
10:17:05.0708 0x0bfc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:17:05.0739 0x0bfc  msisadrv - ok
10:17:05.0754 0x0bfc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:17:05.0817 0x0bfc  MSiSCSI - ok
10:17:05.0817 0x0bfc  msiserver - ok
10:17:05.0833 0x0bfc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:17:05.0879 0x0bfc  MSKSSRV - ok
10:17:05.0895 0x0bfc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:17:05.0942 0x0bfc  MSPCLOCK - ok
10:17:05.0958 0x0bfc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:17:06.0004 0x0bfc  MSPQM - ok
10:17:06.0020 0x0bfc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:17:06.0067 0x0bfc  MsRPC - ok
10:17:06.0083 0x0bfc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:17:06.0098 0x0bfc  mssmbios - ok
10:17:06.0114 0x0bfc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:17:06.0161 0x0bfc  MSTEE - ok
10:17:06.0176 0x0bfc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:17:06.0208 0x0bfc  MTConfig - ok
10:17:06.0223 0x0bfc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:17:06.0239 0x0bfc  Mup - ok
10:17:06.0270 0x0bfc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:17:06.0333 0x0bfc  napagent - ok
10:17:06.0348 0x0bfc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:17:06.0395 0x0bfc  NativeWifiP - ok
10:17:06.0442 0x0bfc  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:17:06.0504 0x0bfc  NDIS - ok
10:17:06.0520 0x0bfc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:17:06.0567 0x0bfc  NdisCap - ok
10:17:06.0583 0x0bfc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:17:06.0629 0x0bfc  NdisTapi - ok
10:17:06.0645 0x0bfc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:17:06.0692 0x0bfc  Ndisuio - ok
10:17:06.0708 0x0bfc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:17:06.0770 0x0bfc  NdisWan - ok
10:17:06.0786 0x0bfc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:17:06.0848 0x0bfc  NDProxy - ok
10:17:06.0864 0x0bfc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:17:06.0911 0x0bfc  NetBIOS - ok
10:17:06.0942 0x0bfc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:17:07.0004 0x0bfc  NetBT - ok
10:17:07.0020 0x0bfc  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] Netlogon        C:\Windows\system32\lsass.exe
10:17:07.0036 0x0bfc  Netlogon - ok
10:17:07.0067 0x0bfc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:17:07.0129 0x0bfc  Netman - ok
10:17:07.0145 0x0bfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:07.0192 0x0bfc  NetMsmqActivator - ok
10:17:07.0208 0x0bfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:07.0239 0x0bfc  NetPipeActivator - ok
10:17:07.0270 0x0bfc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:17:07.0333 0x0bfc  netprofm - ok
10:17:07.0348 0x0bfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:07.0379 0x0bfc  NetTcpActivator - ok
10:17:07.0395 0x0bfc  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:17:07.0426 0x0bfc  NetTcpPortSharing - ok
10:17:07.0426 0x0bfc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:17:07.0473 0x0bfc  nfrd960 - ok
10:17:07.0489 0x0bfc  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:17:07.0536 0x0bfc  NlaSvc - ok
10:17:07.0536 0x0bfc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:17:07.0598 0x0bfc  Npfs - ok
10:17:07.0598 0x0bfc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
10:17:07.0661 0x0bfc  nsi - ok
10:17:07.0676 0x0bfc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:17:07.0739 0x0bfc  nsiproxy - ok
10:17:07.0801 0x0bfc  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:17:07.0895 0x0bfc  Ntfs - ok
10:17:07.0911 0x0bfc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
10:17:07.0958 0x0bfc  Null - ok
10:17:07.0973 0x0bfc  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
10:17:08.0020 0x0bfc  NVHDA - ok
10:17:08.0489 0x0bfc  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:17:08.0989 0x0bfc  nvlddmkm - ok
10:17:09.0036 0x0bfc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:17:09.0098 0x0bfc  nvraid - ok
10:17:09.0098 0x0bfc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:17:09.0161 0x0bfc  nvstor - ok
10:17:09.0192 0x0bfc  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:17:09.0254 0x0bfc  nvsvc - ok
10:17:09.0270 0x0bfc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:17:09.0301 0x0bfc  nv_agp - ok
10:17:09.0317 0x0bfc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:17:09.0348 0x0bfc  ohci1394 - ok
10:17:09.0364 0x0bfc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:17:09.0411 0x0bfc  p2pimsvc - ok
10:17:09.0426 0x0bfc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:17:09.0473 0x0bfc  p2psvc - ok
10:17:09.0489 0x0bfc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:17:09.0520 0x0bfc  Parport - ok
10:17:09.0520 0x0bfc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:17:09.0551 0x0bfc  partmgr - ok
10:17:09.0567 0x0bfc  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:17:09.0598 0x0bfc  PcaSvc - ok
10:17:09.0614 0x0bfc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
10:17:09.0645 0x0bfc  pci - ok
10:17:09.0661 0x0bfc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:17:09.0676 0x0bfc  pciide - ok
10:17:09.0692 0x0bfc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:17:09.0754 0x0bfc  pcmcia - ok
10:17:09.0754 0x0bfc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:17:09.0786 0x0bfc  pcw - ok
10:17:09.0817 0x0bfc  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:17:09.0864 0x0bfc  PEAUTH - ok
10:17:09.0926 0x0bfc  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:17:10.0004 0x0bfc  PeerDistSvc - ok
10:17:10.0036 0x0bfc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:17:10.0067 0x0bfc  PerfHost - ok
10:17:10.0129 0x0bfc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
10:17:10.0239 0x0bfc  pla - ok
10:17:10.0270 0x0bfc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:17:10.0317 0x0bfc  PlugPlay - ok
10:17:10.0333 0x0bfc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:17:10.0348 0x0bfc  PNRPAutoReg - ok
10:17:10.0379 0x0bfc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:17:10.0411 0x0bfc  PNRPsvc - ok
10:17:10.0426 0x0bfc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:17:10.0504 0x0bfc  PolicyAgent - ok
10:17:10.0520 0x0bfc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
10:17:10.0583 0x0bfc  Power - ok
10:17:10.0598 0x0bfc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:17:10.0645 0x0bfc  PptpMiniport - ok
10:17:10.0661 0x0bfc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:17:10.0708 0x0bfc  Processor - ok
10:17:10.0739 0x0bfc  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:17:10.0770 0x0bfc  ProfSvc - ok
10:17:10.0770 0x0bfc  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:17:10.0801 0x0bfc  ProtectedStorage - ok
10:17:10.0817 0x0bfc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:17:10.0864 0x0bfc  Psched - ok
10:17:10.0926 0x0bfc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:17:11.0036 0x0bfc  ql2300 - ok
10:17:11.0051 0x0bfc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:17:11.0098 0x0bfc  ql40xx - ok
10:17:11.0114 0x0bfc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
10:17:11.0161 0x0bfc  QWAVE - ok
10:17:11.0176 0x0bfc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:17:11.0208 0x0bfc  QWAVEdrv - ok
10:17:11.0223 0x0bfc  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
10:17:11.0254 0x0bfc  RapiMgr - ok
10:17:11.0254 0x0bfc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:17:11.0317 0x0bfc  RasAcd - ok
10:17:11.0317 0x0bfc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:17:11.0379 0x0bfc  RasAgileVpn - ok
10:17:11.0395 0x0bfc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
10:17:11.0442 0x0bfc  RasAuto - ok
10:17:11.0458 0x0bfc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:17:11.0520 0x0bfc  Rasl2tp - ok
10:17:11.0536 0x0bfc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
10:17:11.0614 0x0bfc  RasMan - ok
10:17:11.0614 0x0bfc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:17:11.0676 0x0bfc  RasPppoe - ok
10:17:11.0692 0x0bfc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:17:11.0739 0x0bfc  RasSstp - ok
10:17:11.0770 0x0bfc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:17:11.0833 0x0bfc  rdbss - ok
10:17:11.0848 0x0bfc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:17:11.0879 0x0bfc  rdpbus - ok
10:17:11.0879 0x0bfc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:17:11.0926 0x0bfc  RDPCDD - ok
10:17:11.0958 0x0bfc  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:17:11.0989 0x0bfc  RDPDR - ok
10:17:11.0989 0x0bfc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:17:12.0051 0x0bfc  RDPENCDD - ok
10:17:12.0067 0x0bfc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:17:12.0114 0x0bfc  RDPREFMP - ok
10:17:12.0129 0x0bfc  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:17:12.0161 0x0bfc  RdpVideoMiniport - ok
10:17:12.0176 0x0bfc  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:17:12.0208 0x0bfc  RDPWD - ok
10:17:12.0223 0x0bfc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:17:12.0254 0x0bfc  rdyboost - ok
10:17:12.0270 0x0bfc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:17:12.0333 0x0bfc  RemoteAccess - ok
10:17:12.0348 0x0bfc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:17:12.0411 0x0bfc  RemoteRegistry - ok
10:17:12.0411 0x0bfc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:17:12.0473 0x0bfc  RpcEptMapper - ok
10:17:12.0473 0x0bfc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
10:17:12.0504 0x0bfc  RpcLocator - ok
10:17:12.0536 0x0bfc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
10:17:12.0598 0x0bfc  RpcSs - ok
10:17:12.0614 0x0bfc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:17:12.0661 0x0bfc  rspndr - ok
10:17:12.0692 0x0bfc  [ ABCB5A38A0D85BDF69B7877E1AD1EED5, 44DF1A92E8FA53677A04C46088B0AD49F1F6A090820BE550A514C4FBFD91444D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:17:12.0754 0x0bfc  RTL8167 - ok
10:17:12.0754 0x0bfc  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:17:12.0801 0x0bfc  s3cap - ok
10:17:12.0801 0x0bfc  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] SamSs           C:\Windows\system32\lsass.exe
10:17:12.0833 0x0bfc  SamSs - ok
10:17:12.0848 0x0bfc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:17:12.0895 0x0bfc  sbp2port - ok
10:17:12.0911 0x0bfc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:17:12.0973 0x0bfc  SCardSvr - ok
10:17:12.0989 0x0bfc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:17:13.0036 0x0bfc  scfilter - ok
10:17:13.0083 0x0bfc  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
10:17:13.0145 0x0bfc  Schedule - ok
10:17:13.0161 0x0bfc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:17:13.0223 0x0bfc  SCPolicySvc - ok
10:17:13.0239 0x0bfc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:17:13.0270 0x0bfc  SDRSVC - ok
10:17:13.0286 0x0bfc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:17:13.0317 0x0bfc  secdrv - ok
10:17:13.0333 0x0bfc  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
10:17:13.0364 0x0bfc  seclogon - ok
10:17:13.0364 0x0bfc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
10:17:13.0426 0x0bfc  SENS - ok
10:17:13.0426 0x0bfc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:17:13.0458 0x0bfc  SensrSvc - ok
10:17:13.0473 0x0bfc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:17:13.0489 0x0bfc  Serenum - ok
10:17:13.0504 0x0bfc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:17:13.0536 0x0bfc  Serial - ok
10:17:13.0536 0x0bfc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:17:13.0567 0x0bfc  sermouse - ok
10:17:13.0583 0x0bfc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
10:17:13.0645 0x0bfc  SessionEnv - ok
10:17:13.0661 0x0bfc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:17:13.0692 0x0bfc  sffdisk - ok
10:17:13.0692 0x0bfc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:17:13.0723 0x0bfc  sffp_mmc - ok
10:17:13.0723 0x0bfc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:17:13.0754 0x0bfc  sffp_sd - ok
10:17:13.0770 0x0bfc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:17:13.0801 0x0bfc  sfloppy - ok
10:17:13.0833 0x0bfc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:17:13.0895 0x0bfc  SharedAccess - ok
10:17:13.0911 0x0bfc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:17:13.0973 0x0bfc  ShellHWDetection - ok
10:17:13.0989 0x0bfc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:17:14.0036 0x0bfc  SiSRaid2 - ok
10:17:14.0036 0x0bfc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:17:14.0083 0x0bfc  SiSRaid4 - ok
10:17:14.0098 0x0bfc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:17:14.0145 0x0bfc  Smb - ok
10:17:14.0161 0x0bfc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:17:14.0192 0x0bfc  SNMPTRAP - ok
10:17:14.0192 0x0bfc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:17:14.0223 0x0bfc  spldr - ok
10:17:14.0254 0x0bfc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
10:17:14.0301 0x0bfc  Spooler - ok
10:17:14.0426 0x0bfc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:17:14.0614 0x0bfc  sppsvc - ok
10:17:14.0645 0x0bfc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:17:14.0692 0x0bfc  sppuinotify - ok
10:17:14.0723 0x0bfc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:17:14.0770 0x0bfc  srv - ok
10:17:14.0786 0x0bfc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:17:14.0833 0x0bfc  srv2 - ok
10:17:14.0848 0x0bfc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:17:14.0879 0x0bfc  srvnet - ok
10:17:14.0895 0x0bfc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:17:14.0958 0x0bfc  SSDPSRV - ok
10:17:14.0973 0x0bfc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:17:15.0036 0x0bfc  SstpSvc - ok
10:17:15.0067 0x0bfc  [ E2496AF75B2099453D6DBCD91C600D2D, 4B00123F677F6998223B5C51ADFB44781348919BA154442146AA0542C36D76B9 ] StarMoney 10 OnlineUpdate C:\Program Files (x86)\StarMoney 10 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
10:17:15.0129 0x0bfc  StarMoney 10 OnlineUpdate - ok
10:17:15.0176 0x0bfc  [ 3BF022F8064A83A23DF90971DD78CA83, 85754DF1C6DE745ADF9A0BAB1948AFF2CA16C4569128DA90AF610D199E621BF4 ] StarMoney 9.0 OnlineUpdate C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
10:17:15.0239 0x0bfc  StarMoney 9.0 OnlineUpdate - ok
10:17:15.0270 0x0bfc  [ D2230317777033CD0456990BFC4994E5, 0F2F559593EAD7AB4596E67E9AE56E5ABF5C945201366CFC972357C22A4F776A ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:17:15.0317 0x0bfc  Stereo Service - ok
10:17:15.0333 0x0bfc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:17:15.0379 0x0bfc  stexstor - ok
10:17:15.0379 0x0bfc  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
10:17:15.0426 0x0bfc  StillCam - ok
10:17:15.0442 0x0bfc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
10:17:15.0504 0x0bfc  stisvc - ok
10:17:15.0520 0x0bfc  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:17:15.0551 0x0bfc  storflt - ok
10:17:15.0567 0x0bfc  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
10:17:15.0598 0x0bfc  StorSvc - ok
10:17:15.0598 0x0bfc  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:17:15.0645 0x0bfc  storvsc - ok
10:17:15.0645 0x0bfc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:17:15.0692 0x0bfc  swenum - ok
10:17:15.0708 0x0bfc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
10:17:15.0786 0x0bfc  swprv - ok
10:17:15.0864 0x0bfc  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
10:17:15.0958 0x0bfc  SysMain - ok
10:17:15.0973 0x0bfc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:17:16.0004 0x0bfc  TabletInputService - ok
10:17:16.0036 0x0bfc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:17:16.0098 0x0bfc  TapiSrv - ok
10:17:16.0114 0x0bfc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
10:17:16.0161 0x0bfc  TBS - ok
10:17:16.0239 0x0bfc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:17:16.0348 0x0bfc  Tcpip - ok
10:17:16.0426 0x0bfc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:17:16.0504 0x0bfc  TCPIP6 - ok
10:17:16.0520 0x0bfc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:17:16.0551 0x0bfc  tcpipreg - ok
10:17:16.0567 0x0bfc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:17:16.0583 0x0bfc  TDPIPE - ok
10:17:16.0598 0x0bfc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:17:16.0614 0x0bfc  TDTCP - ok
10:17:16.0629 0x0bfc  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:17:16.0661 0x0bfc  tdx - ok
10:17:16.0676 0x0bfc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:17:16.0692 0x0bfc  TermDD - ok
10:17:16.0723 0x0bfc  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
10:17:16.0786 0x0bfc  TermService - ok
10:17:16.0786 0x0bfc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:17:16.0817 0x0bfc  Themes - ok
10:17:16.0833 0x0bfc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
10:17:16.0895 0x0bfc  THREADORDER - ok
10:17:16.0895 0x0bfc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:17:16.0958 0x0bfc  TrkWks - ok
10:17:16.0973 0x0bfc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:17:17.0036 0x0bfc  TrustedInstaller - ok
10:17:17.0051 0x0bfc  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:17:17.0083 0x0bfc  tssecsrv - ok
10:17:17.0083 0x0bfc  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:17:17.0114 0x0bfc  TsUsbFlt - ok
10:17:17.0129 0x0bfc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:17:17.0176 0x0bfc  tunnel - ok
10:17:17.0192 0x0bfc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:17:17.0239 0x0bfc  uagp35 - ok
10:17:17.0254 0x0bfc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:17:17.0317 0x0bfc  udfs - ok
10:17:17.0333 0x0bfc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:17:17.0364 0x0bfc  UI0Detect - ok
10:17:17.0379 0x0bfc  [ BC32AF0E8A4A6DCCD72D7734E8EF3191, B137A35AC53CCC14BF8F3C86F2F6E0A37720E4E553A3D6E0115F096FCD7F465A ] UI5IFS          C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys
10:17:17.0411 0x0bfc  UI5IFS - ok
10:17:17.0426 0x0bfc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:17:17.0473 0x0bfc  uliagpkx - ok
10:17:17.0473 0x0bfc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:17:17.0504 0x0bfc  umbus - ok
10:17:17.0520 0x0bfc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:17:17.0551 0x0bfc  UmPass - ok
10:17:17.0567 0x0bfc  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:17:17.0598 0x0bfc  UmRdpService - ok
10:17:17.0629 0x0bfc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:17:17.0692 0x0bfc  upnphost - ok
10:17:17.0708 0x0bfc  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:17:17.0739 0x0bfc  usbaudio - ok
10:17:17.0739 0x0bfc  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:17:17.0770 0x0bfc  usbccgp - ok
10:17:17.0786 0x0bfc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:17:17.0833 0x0bfc  usbcir - ok
10:17:17.0848 0x0bfc  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:17:17.0864 0x0bfc  usbehci - ok
10:17:17.0895 0x0bfc  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:17:17.0926 0x0bfc  usbhub - ok
10:17:17.0942 0x0bfc  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
10:17:17.0958 0x0bfc  usbohci - ok
10:17:17.0973 0x0bfc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:17:18.0020 0x0bfc  usbprint - ok
10:17:18.0036 0x0bfc  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
10:17:18.0051 0x0bfc  USBSTOR - ok
10:17:18.0067 0x0bfc  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:17:18.0083 0x0bfc  usbuhci - ok
10:17:18.0098 0x0bfc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
10:17:18.0161 0x0bfc  UxSms - ok
10:17:18.0161 0x0bfc  [ 7FB33A9A2E6B6D5CA9318668B95CA69C, 5B5CDF8BF4F2C2ADBAD2A92C554C369C6A428B7DE4FEF74FE9198058C3B864A3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:17:18.0192 0x0bfc  VaultSvc - ok
10:17:18.0192 0x0bfc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:17:18.0223 0x0bfc  vdrvroot - ok
10:17:18.0254 0x0bfc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
10:17:18.0317 0x0bfc  vds - ok
10:17:18.0333 0x0bfc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:17:18.0364 0x0bfc  vga - ok
10:17:18.0364 0x0bfc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:17:18.0426 0x0bfc  VgaSave - ok
10:17:18.0442 0x0bfc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:17:18.0473 0x0bfc  vhdmp - ok
10:17:18.0489 0x0bfc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:17:18.0520 0x0bfc  viaide - ok
10:17:18.0536 0x0bfc  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:17:18.0598 0x0bfc  vmbus - ok
10:17:18.0598 0x0bfc  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:17:18.0645 0x0bfc  VMBusHID - ok
10:17:18.0645 0x0bfc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:17:18.0676 0x0bfc  volmgr - ok
10:17:18.0692 0x0bfc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:17:18.0739 0x0bfc  volmgrx - ok
10:17:18.0754 0x0bfc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:17:18.0786 0x0bfc  volsnap - ok
10:17:18.0801 0x0bfc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:17:18.0848 0x0bfc  vsmraid - ok
10:17:18.0911 0x0bfc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
10:17:19.0036 0x0bfc  VSS - ok
10:17:19.0051 0x0bfc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:17:19.0083 0x0bfc  vwifibus - ok
10:17:19.0098 0x0bfc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
10:17:19.0176 0x0bfc  W32Time - ok
10:17:19.0176 0x0bfc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:17:19.0223 0x0bfc  WacomPen - ok
10:17:19.0239 0x0bfc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:17:19.0286 0x0bfc  WANARP - ok
10:17:19.0301 0x0bfc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:17:19.0348 0x0bfc  Wanarpv6 - ok
10:17:19.0411 0x0bfc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:17:19.0473 0x0bfc  WatAdminSvc - ok
10:17:19.0551 0x0bfc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:17:19.0629 0x0bfc  wbengine - ok
10:17:19.0661 0x0bfc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:17:19.0692 0x0bfc  WbioSrvc - ok
10:17:19.0723 0x0bfc  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
10:17:19.0754 0x0bfc  WcesComm - ok
10:17:19.0770 0x0bfc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:17:19.0817 0x0bfc  wcncsvc - ok
10:17:19.0833 0x0bfc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:17:19.0864 0x0bfc  WcsPlugInService - ok
10:17:19.0864 0x0bfc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:17:19.0911 0x0bfc  Wd - ok
10:17:19.0942 0x0bfc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:17:20.0004 0x0bfc  Wdf01000 - ok
10:17:20.0020 0x0bfc  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:17:20.0051 0x0bfc  WdiServiceHost - ok
10:17:20.0051 0x0bfc  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:17:20.0083 0x0bfc  WdiSystemHost - ok
10:17:20.0098 0x0bfc  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
10:17:20.0114 0x0fd4  Object required for P2P: [ 98BB62ABFD17F284C3C5DE40F8266F3C ] Avira.ServiceHost
10:17:20.0145 0x0bfc  WebClient - ok
10:17:20.0161 0x0bfc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:17:20.0223 0x0bfc  Wecsvc - ok
10:17:20.0239 0x0bfc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:17:20.0301 0x0bfc  wercplsupport - ok
10:17:20.0301 0x0bfc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:17:20.0364 0x0bfc  WerSvc - ok
10:17:20.0379 0x0bfc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:17:20.0426 0x0bfc  WfpLwf - ok
10:17:20.0426 0x0bfc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:17:20.0458 0x0bfc  WIMMount - ok
10:17:20.0458 0x0bfc  WinDefend - ok
10:17:20.0489 0x0bfc  WinHttpAutoProxySvc - ok
10:17:20.0504 0x0bfc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:17:20.0567 0x0bfc  Winmgmt - ok
10:17:20.0645 0x0bfc  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
10:17:20.0754 0x0bfc  WinRM - ok
10:17:20.0786 0x0bfc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.SYS
10:17:20.0801 0x0bfc  WinUsb - ok
10:17:20.0848 0x0bfc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:17:20.0911 0x0bfc  Wlansvc - ok
10:17:20.0926 0x0bfc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:17:20.0942 0x0bfc  WmiAcpi - ok
10:17:20.0973 0x0bfc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:17:21.0004 0x0bfc  wmiApSrv - ok
10:17:21.0020 0x0bfc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:17:21.0036 0x0bfc  WPCSvc - ok
10:17:21.0051 0x0bfc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:17:21.0083 0x0bfc  WPDBusEnum - ok
10:17:21.0098 0x0bfc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:17:21.0145 0x0bfc  ws2ifsl - ok
10:17:21.0161 0x0bfc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
10:17:21.0192 0x0bfc  wscsvc - ok
10:17:21.0208 0x0bfc  WSearch - ok
10:17:21.0301 0x0bfc  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:17:21.0442 0x0bfc  wuauserv - ok
10:17:21.0458 0x0bfc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:17:21.0489 0x0bfc  WudfPf - ok
10:17:21.0504 0x0bfc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:17:21.0520 0x0bfc  WUDFRd - ok
10:17:21.0536 0x0bfc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:17:21.0567 0x0bfc  wudfsvc - ok
10:17:21.0583 0x0bfc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:17:21.0629 0x0bfc  WwanSvc - ok
10:17:21.0629 0x0bfc  ================ Scan global ===============================
10:17:21.0645 0x0bfc  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
10:17:21.0661 0x0bfc  [ DE4812AB2E6926D0FF2423F3B774585A, 77604B47F2A91F77DDF778D8D362A0145636ED060596760ED55D76DD12E04B79 ] C:\Windows\system32\winsrv.dll
10:17:21.0708 0x0bfc  [ DE4812AB2E6926D0FF2423F3B774585A, 77604B47F2A91F77DDF778D8D362A0145636ED060596760ED55D76DD12E04B79 ] C:\Windows\system32\winsrv.dll
10:17:21.0723 0x0bfc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:17:21.0739 0x0bfc  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
10:17:21.0754 0x0bfc  [ Global ] - ok
10:17:21.0770 0x0bfc  ================ Scan MBR ==================================
10:17:21.0770 0x0bfc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:17:21.0879 0x0bfc  \Device\Harddisk0\DR0 - ok
10:17:21.0879 0x0bfc  [ B1F7D7F6E4FBE98E578562A22A94D02C ] \Device\Harddisk1\DR1
10:17:21.0973 0x0bfc  \Device\Harddisk1\DR1 - ok
10:17:21.0973 0x0bfc  ================ Scan VBR ==================================
10:17:21.0973 0x0bfc  [ 7ABBDC5E0554B5B160EA097E130C7AAC ] \Device\Harddisk0\DR0\Partition1
10:17:21.0973 0x0bfc  \Device\Harddisk0\DR0\Partition1 - ok
10:17:21.0989 0x0bfc  [ 18E7C33D5EB018E26E2F876B8E53331F ] \Device\Harddisk0\DR0\Partition2
10:17:21.0989 0x0bfc  \Device\Harddisk0\DR0\Partition2 - ok
10:17:21.0989 0x0bfc  [ 20283FAE27442AAE989CBBDB6B5DB086 ] \Device\Harddisk1\DR1\Partition1
10:17:22.0004 0x0bfc  \Device\Harddisk1\DR1\Partition1 - ok
10:17:22.0004 0x0bfc  ================ Scan generic autorun ======================
10:17:22.0036 0x0bfc  [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\Windows\WindowsMobile\wmdc.exe
10:17:22.0098 0x0bfc  Windows Mobile Device Center - ok
10:17:22.0098 0x0bfc  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
10:17:22.0129 0x0bfc  Logitech Download Assistant - ok
10:17:22.0161 0x0bfc  [ 1CE11C53E562D5F7EAFCF47E0E696516, 4E8264DB3CA9B2344905BC2CAE6A9E73190A3CCF3D154B3CBDAF4F73F8FCD64B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
10:17:22.0239 0x0bfc  avgnt - ok
10:17:22.0254 0x0bfc  [ 86069F4F421FB355C41FD734500E477F, CB4CE22C3298280B033105875079A373D7E1ADEA15F0F71A2095CCA50CF7E5A5 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
10:17:22.0286 0x0bfc  Avira SystrayStartTrigger - ok
10:17:22.0301 0x0bfc  Sidebar - ok
10:17:22.0301 0x0bfc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:17:22.0333 0x0bfc  mctadmin - ok
10:17:22.0348 0x0bfc  Sidebar - ok
10:17:22.0348 0x0bfc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:17:22.0379 0x0bfc  mctadmin - ok
10:17:22.0379 0x0bfc  Waiting for KSN requests completion. In queue: 376
10:17:22.0536 0x0fd4  Object send P2P result: true
10:17:22.0567 0x0fd4  Object required for P2P: [ 63282F5EB7E5BFB58FD1EC93C6ADB457 ] MozillaMaintenance
10:17:23.0379 0x0bfc  Waiting for KSN requests completion. In queue: 238
10:17:24.0379 0x0bfc  Waiting for KSN requests completion. In queue: 238
10:17:24.0989 0x0fd4  Object send P2P result: true
10:17:25.0473 0x0bfc  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.16.273 ), 0x41000 ( enabled : updated )
10:17:25.0489 0x0bfc  Win FW state via NFP2: enabled ( trusted )
10:17:27.0895 0x0bfc  ============================================================
10:17:27.0895 0x0bfc  Scan finished
10:17:27.0895 0x0bfc  ============================================================
10:17:27.0911 0x09e4  Detected object count: 0
10:17:27.0911 0x09e4  Actual detected object count: 0

deeprybka · 14.04.2016, 10:55

Schritt 1

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

zeuss · 14.04.2016, 16:27

Hi Jürgen, hier der log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=185b47a0e7cf21418fb525e0a4abdb33
# end=init
# utc_time=2016-04-14 03:02:12
# local_time=2016-04-14 05:02:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29068
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=185b47a0e7cf21418fb525e0a4abdb33
# end=updated
# utc_time=2016-04-14 03:09:25
# local_time=2016-04-14 05:09:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1

deeprybka · 14.04.2016, 19:50

Hallo,
das Log ist nicht vollständig...

zeuss · 15.04.2016, 09:39

Sooo, jetzt aber

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=185b47a0e7cf21418fb525e0a4abdb33
# end=init
# utc_time=2016-04-14 03:02:12
# local_time=2016-04-14 05:02:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 29068
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=185b47a0e7cf21418fb525e0a4abdb33
# end=updated
# utc_time=2016-04-14 03:09:25
# local_time=2016-04-14 05:09:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=185b47a0e7cf21418fb525e0a4abdb33
# engine=29068
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-04-15 08:33:21
# local_time=2016-04-15 10:33:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 90167 49153741 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 163552 212339051 0 0
# scanned=557223
# found=11
# cleaned=0
# scan_time=62635
sh=09D74D0EF67BF84CE32696FAF868B055D48D1E7E ft=1 fh=eed3292055fceda5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\ich\Downloads\Firefox - CHIP-Installer.exe"
sh=EDDF2047D27444CFA50BD780A7D42649588D47A6 ft=1 fh=d452dc3cbe028445 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\ich\Downloads\Paint NET - CHIP-Installer.exe"
sh=33863B8F2714327530FF72F5ED6F0DCC8740DDF2 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.A evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\ICH-PC\Backup Set 2014-04-18 131321\Backup Files 2014-07-02 074848\Backup files 51.zip"
sh=DBF25F0BD02EA42EC2BAC819C579B38C88A4300F ft=0 fh=0000000000000000 vn="JS/Kryptik.ARJ Trojaner" ac=I fn="L:\ICH-PC\Backup Set 2014-04-18 131321\Backup Files 2014-08-03 154513\Backup files 3.zip"
sh=73DEE1BFC6BA58E036C322C82117543FD4587354 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.D evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\ICH-PC\Backup Set 2014-04-18 131321\Backup Files 2015-03-02 101600\Backup files 4.zip"
sh=B2851888FA5960785A9B95C9304415322B0CEC89 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\ICH-PC\Backup Set 2015-05-04 132636\Backup Files 2015-06-07 094443\Backup files 53.zip"
sh=58495F0458EDDC16D9A14A6E84CEE9C61AAE5E52 ft=1 fh=85d80dff1da9eafb vn="Variante von Win32/Toolbar.Babylon.I evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4\BabMaint.x"
sh=56371D74005B39D794FF8F30891F27BACECA56C8 ft=1 fh=c3e79ff37423ee01 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4\BUSolution.dll"
sh=F5C514F93292C6B027DCB2898E0010C534428DDA ft=1 fh=5629cfffb69b4f20 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4\NPObject.dll"
sh=D74801A3D784CE4C906D84AAAD38FA617AB1D5F3 ft=1 fh=c71c0011e8464a4f vn="Variante von Win32/Injected.F Trojaner" ac=I fn="L:\Users\ich\Downloads\COMPUTER_BILD-Download-Manager_fuer_PP14_Pro_BEFIGSD_Trial.exe"
sh=1447092BA29779C726829611180994E17718C412 ft=1 fh=23f22b72eb3a5b90 vn="Win32/InstallMonetizer.AQ evtl. unerwÃ¼nschte Anwendung" ac=I fn="L:\Users\ich\Downloads\PDFCreator-1_7_2_setup_offline.exe"

deeprybka · 15.04.2016, 19:02

Aber Zeus sehe ich nirgends. Der Player war es auch nicht.
https://www.virustotal.com/de/file/3...0414/analysis/

Was genau steht denn in der Provider-Meldung? Hast Du mehrere PCs die bei dem Laufen?

zeuss · 16.04.2016, 09:13

Hallo Jürgen,

1und1 schrieb, dass sich auf einem Computer an meinem Anschluss der gefährliche Virus Zeuss befindet.

Ja, ich habe noch vier Systeme an dem Anschluss, aber der den wir hier geprüft haben ist der einzige Rechner, an dem es ein großes Problem wäre wenn er befallen wäre, daher war mir das wichtig, dass der zuerst gecheckt wird.

Zusätzlich laufen noch drei Smartphones und ein Tablet über den Anschluss.

Was jetzt ?

Wollen wir die auch mal alle durchschauen ?

Das Tablet meiner Frau wäre noch wichtig, läuft unter android 4.4.2.

Was ist mit all dem Müll den tdssk gefunden hat, werd ich das irgendwie los

Vielen Dank und schönes Wochenende.

Martin

10.04.2016, 19:43	#4
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mitteilung von 1&1 dass Zeus bei mir wohnt Bitte mal das Log oder nen Screenshot aus der Quarantäne von HitmanPro posten. __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

11.04.2016, 21:34	#6
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mitteilung von 1&1 dass Zeus bei mir wohnt HitmanPro starten, auf Einstellungen klicken. Dann Verlauf... __________________ --> Mitteilung von 1&1 dass Zeus bei mir wohnt

14.04.2016, 19:50	#12
deeprybka /// TB-Ausbilder /// Anleitungs-Guru	Mitteilung von 1&1 dass Zeus bei mir wohnt Hallo, das Log ist nicht vollständig... __________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Mitteilung von 1&1 dass Zeus bei mir wohnt

Plagegeister aller Art und deren Bekämpfung: Mitteilung von 1&1 dass Zeus bei mir wohnt