Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Unsicher, ob ich mir einen UPS-Trojaner eingefangen habe (https://www.trojaner-board.de/165103-unsicher-ob-mir-ups-trojaner-eingefangen-habe.html)

Areuka 14.03.2015 20:53
Unsicher, ob ich mir einen UPS-Trojaner eingefangen habe
 
Hallo,

ich bekam vor kurzem eine Mail mit einer Ankündigung einer UPS-Sendung.

Depperterweise hatte ich es eilig und erwartete auch was von UPS, und hab dann ohne zu überlegen den angegebenen Link aufgemacht. Der öffnete eine Website, wo ich wiederum eine ZIP-Datei öffnen sollte. Zum Glück hab ich an der Stelle grade noch geschaltet und realisiert, daß UPS es nie so kompliziert machen würde, und nix runtergeladen. Als ich mir die Mail nochmal genauer ansah war klar, daß es ein Fake war - Absender war nicht UPS, sondern irgendwer (evtl. ein gekaperter Mailaccount).

Fast zeitgleich kam eine Warnmeldung von Malwarebytes, daß ein Trojaner (Trojan.MSIL.ED) gefunden und in Quarantäne gesteckt wurde.

Ich bin trotzdem etwas beunruhigt und wollte fragen, ob da nicht doch was zurückgeblieben sein kann.

Der Trojaner befand sich im Verzeichnis
C:\Users\Benutzername\AppData\Local\Temp\Rar$EXa0.002
es war eine EXE-Datei deren Name anfing mit "ups_kontrollnummer_%d..."

Das beunruhigt mich etwas, denn ich dachte immer, wenn ich nichts runterlade, sollte auch nichts auf der Festplatte landen.

Ich habe inzwischen eine Avira System Rescue CD laufenlassen, die hat 2x einen anderen Trojaner gefunden (Crypt.Xpack.66680), die befand sich in der Datei "thunderbird 24.6.0 (de) - 2014-06-19.pcv". Alle Funde wurden umbenannt. Ich vermute aber eher, daß dieser Thunderbird-Trojaner dem UPS-Trojaner zu tun hat. Ich habe die TB Version 36.0.1. installiert, die 24 ist also schon älter.

Malwarebytes hab ich auch nochmal laufen lassen, es hat dann nichts mehr gefunden.

Kann ich jetzt wirklich sicher sein, daß ich alles erwischt habe, oder sollte ich noch weitere Überprüfungen machen, und welche? Habe echt Schiß, daß ich durch diese UPS-Geschichte mir vielleicht doch noch was eingefangen hab und möchte gern sichergehen. Danke schon mal für Eure Hilfe.

schrauber 14.03.2015 21:15
Hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Areuka 15.03.2015 13:11
So, hier sind die Files. Habe jetzt vom Desktop gestartet, außerdem hab ich vorher noch den Defogger laufen lassen, weil ich emulierte CD-laufwerke habe.

#
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Supidup (administrator) on SUPIDUP-PC on 15-03-2015 12:13:34
Running from C:\Users\Supidup\Desktop
Loaded Profiles: Supidup (Available profiles: Supidup)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Copernic Inc.) C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dell) C:\Users\Supidup\AppData\Local\Apps\2.0\HHBC2GCD.PRL\3MN87EL1.5GL\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\RFG\Brmfcmon\BrMfcWnd.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\RFG\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\RFG\Brmfcmon\BrMfcMon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe
(H+H Software GmbH) C:\Program Files (x86)\Virtual CD v10\System\vc10tray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [613536 2010-12-17] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379040 2010-12-17] (Atheros Commnucations)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-15] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-10-01] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487561 2010-08-11] (Creative Technology Ltd)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\RFG\Brmfcmon\BrMfcWnd.exe [1163264 2010-12-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\RFG\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VC10Player] => C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe [411976 2011-10-19] (H+H Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704248 2015-03-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\Run: [Copernic Desktop Search - Home] => C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1692200 2013-01-28] (Copernic Inc.)
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\Run: [DellSystemDetect] => C:\Users\Supidup\AppData\Local\Apps\2.0\HHBC2GCD.PRL\3MN87EL1.5GL\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-21] (Dell)
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {22fcab13-35be-11e4-8007-e4d53d7acca6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\autorun.exe /auto
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {308cdba4-f1f7-11e3-8d3e-e4d53d7acca6} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {33f05333-2f1a-11e4-820a-e4d53d7acca6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {383e9681-ba85-11e4-86fa-e4d53d7acca6} - H:\AutoRun.exe
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {383e96b0-ba85-11e4-86fa-e4d53d7acca6} - H:\AutoRun.exe
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {48260956-40e8-11e4-b22a-e4d53d7acca6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorun.exe /auto
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {779f6b43-b6bc-11e4-bf00-e4d53d7acca6} - H:\AutoRun.exe
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {779f6b63-b6bc-11e4-bf00-e4d53d7acca6} - H:\AutoRun.exe
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {b6fa43e4-e0af-11e3-85b7-e4d53d7acca6} - G:\CDSetup.exe
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {f22cd729-3a0c-11e4-8c7f-e4d53d7acca6} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\autorun.exe /auto
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\MountPoints2: {faff30c7-e03a-11e3-aedf-806e6f6e6963} - D:\wubi.exe
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3604074103-3047729859-120938186-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3604074103-3047729859-120938186-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2010-12-17] (Atheros Commnucations)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-14] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3604074103-3047729859-120938186-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{513B3A71-FA2A-4F2F-AAC2-44DB827FDD51}: [NameServer] 194.132.32.32,46.246.46.246
Tcpip\..\Interfaces\{EE66E42B-BB2F-4D07-A195-3818500B9FA1}: [NameServer] 194.132.32.32,46.246.46.246

FireFox:
========
FF ProfilePath: C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3604074103-3047729859-120938186-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012-06-21] (Tracker Software Products (Canada) Ltd.)
FF Extension: Print pages to PDF - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\printPages2Pdf@reinhold.ripper [2014-06-19]
FF Extension: Flashblock - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-16]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-20]
FF Extension: Video Downloader professional - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-01-15]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-05-20]
FF Extension: NoScript - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-20]
FF Extension: ImTranslator - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2014-08-24]
FF Extension: Adblock Plus - C:\Users\Supidup\AppData\Roaming\Mozilla\Firefox\Profiles\qnnuhc8b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-05-23]
FF HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\Firefox\Extensions: [{57319509-7821-41B0-9FDF-3B58F146AE33}] - c:\program files (x86)\copernic desktop search - home\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files (x86)\copernic desktop search - home\firefoxconnector [2014-05-27]

Chrome:
=======
CHR Profile: C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-20]
CHR Extension: (Google Docs) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-20]
CHR Extension: (Google Drive) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-20]
CHR Extension: (YouTube) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-20]
CHR Extension: (APK Downloader) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-02-16]
CHR Extension: (Google Search) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-20]
CHR Extension: (Google Sheets) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-20]
CHR Extension: (Gmail) - C:\Users\Supidup\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "vdrv1000" service was unlocked successfully. <===== ATTENTION

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806192 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-03-03] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [151552 2010-10-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [53920 2010-12-17] (Atheros Commnucations) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 VC10SecS; C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe [144712 2011-10-19] (H+H Software GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-03] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-02-17] (Huawei Technologies Co., Ltd.)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2014-12-16] (G Data Software AG)
S3 HH10Help.sys; C:\Windows\system32\drivers\HH10Help.sys [24088 2009-07-09] (H+H Software GmbH)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [18456 2011-08-15] (HandSet Incorporated)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R1 vdrv1000; C:\Windows\System32\DRIVERS\vdrv1000.sys [223256 2011-04-19] (H+H Software GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 12:13 - 2015-03-15 12:14 - 00024514 _____ () C:\Users\Supidup\Desktop\FRST.txt
2015-03-15 12:13 - 2015-03-15 12:13 - 00000000 _____ () C:\Users\Supidup\defogger_reenable
2015-03-15 12:12 - 2015-03-15 12:12 - 00000248 _____ () C:\Users\Supidup\Desktop\defogger_enable.log
2015-03-15 12:10 - 2015-03-15 12:10 - 00000022 _____ () C:\Windows\S.dirmngr
2015-03-15 12:10 - 2015-03-15 12:10 - 00000000 ___RD () C:\Users\Supidup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-15 12:05 - 2015-03-15 12:13 - 00000476 _____ () C:\Users\Supidup\Desktop\defogger_disable.log
2015-03-15 12:04 - 2015-03-15 11:50 - 00050477 _____ () C:\Users\Supidup\Desktop\Defogger.exe
2015-03-15 11:52 - 2015-03-15 11:18 - 02095616 _____ (Farbar) C:\Users\Supidup\Desktop\FRST64.exe
2015-03-15 11:19 - 2015-03-15 12:13 - 00000000 ____D () C:\FRST
2015-03-11 03:35 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 03:35 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 03:35 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 03:35 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 03:35 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 03:35 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 03:35 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 03:35 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 03:35 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 03:35 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 03:35 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 03:35 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 03:35 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 03:35 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 03:35 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 03:35 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 03:35 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 03:35 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 03:35 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 03:35 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 03:35 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 03:35 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 03:35 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 03:35 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 03:35 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 03:35 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 03:35 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 03:34 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 03:34 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 03:34 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 03:34 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 03:34 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 03:34 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 03:34 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 03:34 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 03:34 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 03:34 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 03:34 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 03:34 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 03:34 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 03:34 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 03:34 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 03:34 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 03:34 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 03:34 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 03:34 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 03:34 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 03:34 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 03:34 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 03:34 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 03:34 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 03:34 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 03:34 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 03:34 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 03:34 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 03:34 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 03:34 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 03:34 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 03:34 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 03:34 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 03:34 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 03:34 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 03:34 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 03:34 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 03:34 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 03:34 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 03:34 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 03:34 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 03:34 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 03:34 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 03:34 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 03:34 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 03:34 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 03:34 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 03:34 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 03:34 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 03:34 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 03:34 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 03:34 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 03:34 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 03:34 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 03:34 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 03:34 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 03:34 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 03:34 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 03:34 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 03:34 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 03:34 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 03:34 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 03:34 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 03:34 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 03:34 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 03:34 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 03:34 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 03:34 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 03:34 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 03:34 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 03:34 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 03:34 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 03:34 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 03:34 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 03:34 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 03:34 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 03:34 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 03:34 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 03:34 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 03:34 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 03:34 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 03:34 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 03:34 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 03:34 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 03:34 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 03:34 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 03:34 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 03:34 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 03:34 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 03:34 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 03:34 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 03:34 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 03:34 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 03:34 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 03:34 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 03:34 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 03:34 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 03:33 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 03:33 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-06 15:03 - 2015-03-06 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 16:34 - 2015-03-04 16:34 - 00001110 _____ () C:\Users\Public\Desktop\CadStd.lnk
2015-03-04 16:34 - 2015-03-04 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CadStd
2015-03-04 16:34 - 2015-03-04 16:34 - 00000000 ____D () C:\Program Files (x86)\Apperson
2015-03-04 13:15 - 2015-03-04 13:15 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\SketchUp
2015-03-04 07:43 - 2015-03-04 07:43 - 00002158 _____ () C:\Users\Public\Desktop\Style Builder 2015.lnk
2015-03-04 07:43 - 2015-03-04 07:43 - 00002072 _____ () C:\Users\Public\Desktop\LayOut 2015.lnk
2015-03-04 07:43 - 2015-03-04 07:43 - 00001987 _____ () C:\Users\Public\Desktop\SketchUp 2015.lnk
2015-03-04 07:43 - 2015-03-04 07:43 - 00000000 ____D () C:\ProgramData\SketchUp
2015-03-04 07:43 - 2015-03-04 07:43 - 00000000 ____D () C:\ProgramData\Reprise
2015-03-04 07:43 - 2015-03-04 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
2015-03-04 07:43 - 2015-03-04 07:43 - 00000000 ____D () C:\Program Files\SketchUp
2015-03-02 18:06 - 2015-03-02 18:06 - 00003584 _____ () C:\Users\Supidup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-02 18:04 - 2015-03-02 18:04 - 00000000 ____D () C:\ProgramData\Creative
2015-02-25 15:53 - 2015-02-26 21:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-25 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-22 21:07 - 2015-02-22 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-02-22 21:07 - 2015-02-22 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-02-22 12:29 - 2015-02-22 21:10 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\.kde
2015-02-22 12:20 - 2015-02-22 12:20 - 00001079 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2015-02-22 12:20 - 2015-02-22 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2015-02-22 12:20 - 2009-02-17 20:40 - 00132608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2015-02-22 12:20 - 2008-12-30 11:59 - 00116224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbfake.sys
2015-02-22 12:20 - 2008-12-13 11:28 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2015-02-22 12:20 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2015-02-22 12:19 - 2015-02-22 12:28 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2015-02-22 08:03 - 2015-02-22 21:07 - 00000908 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-02-22 08:02 - 2015-02-22 21:06 - 00000000 ____D () C:\Program Files\OpenVPN
2015-02-22 08:02 - 2015-02-22 08:03 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-02-20 15:10 - 2015-02-20 15:10 - 00000000 ____D () C:\Users\Supidup\AppData\Local\_3_
2015-02-20 15:10 - 2015-02-20 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator
2015-02-20 15:10 - 2015-02-20 15:10 - 00000000 ____D () C:\Program Files (x86)\Passbild-Generator
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-02-14 13:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-14 13:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-14 13:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-14 13:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 12:13 - 2014-05-20 17:03 - 00000000 ____D () C:\Users\Supidup
2015-03-15 12:10 - 2014-09-20 08:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-15 12:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 12:10 - 2009-07-14 05:51 - 00071131 _____ () C:\Windows\setupact.log
2015-03-15 12:06 - 2009-07-14 05:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 12:06 - 2009-07-14 05:45 - 00031504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 12:05 - 2014-05-20 16:38 - 01390387 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 12:00 - 2010-11-21 04:47 - 00236580 _____ () C:\Windows\PFRO.log
2015-03-15 11:51 - 2014-11-13 09:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 11:48 - 2014-09-20 08:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 11:16 - 2014-05-21 02:33 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-03-15 11:16 - 2014-05-21 02:33 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-03-15 11:16 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 11:14 - 2014-05-23 07:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 20:43 - 2014-05-26 17:18 - 00000000 ___RD () C:\Sabine
2015-03-12 23:49 - 2014-09-20 08:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 04:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 03:31 - 2009-07-14 05:45 - 00460032 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:13 - 2014-05-20 21:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:13 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-12 03:07 - 2014-05-20 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:03 - 2014-05-20 18:12 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 03:24 - 2014-06-16 16:48 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401112874
2015-03-11 03:24 - 2014-05-26 15:01 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-10 13:32 - 2014-09-03 18:53 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\gnupg
2015-03-10 09:57 - 2014-09-02 07:12 - 00000000 ____D () C:\Users\Supidup\AppData\Local\Adobe
2015-03-10 08:48 - 2014-11-13 09:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-10 08:48 - 2014-05-26 21:21 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-10 08:48 - 2014-05-26 21:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-09 21:21 - 2014-05-20 18:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-09 21:07 - 2014-05-20 17:29 - 00000000 ____D () C:\Users\Supidup\AppData\Local\CrashDumps
2015-03-07 10:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-04 18:20 - 2014-05-20 23:36 - 00000432 _____ () C:\Windows\BRWMARK.INI
2015-03-04 13:09 - 2015-02-02 19:13 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\Skype
2015-03-03 10:58 - 2014-09-12 00:44 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-03 10:58 - 2014-09-12 00:44 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-03 10:58 - 2014-09-12 00:44 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-02 19:13 - 2014-10-25 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReOrganize!
2015-03-02 19:13 - 2014-10-25 14:35 - 00000000 ____D () C:\Program Files (x86)\ReOrganize!
2015-03-02 17:50 - 2014-09-09 20:48 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\foobar2000
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 07:13 - 2014-09-24 15:12 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\vlc
2015-02-23 00:24 - 2014-08-22 20:20 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\XnView
2015-02-22 20:57 - 2014-09-04 17:56 - 00000000 ____D () C:\Users\Supidup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn
2015-02-17 16:24 - 2014-09-21 09:41 - 00000000 ____D () C:\Program Files\ZTE Handset USB Driver
2015-02-17 16:24 - 2014-09-06 12:07 - 00000000 ____D () C:\Windows\InnoTipLanguage
2015-02-17 16:24 - 2014-09-06 11:47 - 00000000 ____D () C:\Users\Supidup\.android
2015-02-16 13:19 - 2014-05-20 17:23 - 00130648 _____ () C:\Users\Supidup\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-15 13:32 - 2014-05-26 17:14 - 00000000 ____D () C:\ProgramData\firebird
2015-02-14 19:20 - 2014-05-21 06:28 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-14 19:20 - 2014-05-21 06:27 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-14 19:19 - 2014-10-16 15:41 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-14 19:19 - 2014-10-16 15:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-14 19:19 - 2014-10-16 15:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-14 19:19 - 2014-10-16 15:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-14 19:19 - 2014-10-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-14 13:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-14 13:19 - 2014-09-07 21:35 - 00001618 _____ () C:\Windows\Sandboxie.ini

==================== Files in the root of some directories =======

2014-07-30 07:46 - 2014-07-30 09:11 - 0000184 ____H () C:\Users\Supidup\AppData\Roaming\eSReg.ini
2015-03-02 18:06 - 2015-03-02 18:06 - 0003584 _____ () C:\Users\Supidup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-03 21:08 - 2014-09-03 21:08 - 0001278 _____ () C:\Users\Supidup\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Supidup\AppData\Local\Temp\AskSLib.dll
C:\Users\Supidup\AppData\Local\Temp\avgnt.exe
C:\Users\Supidup\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Supidup\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Supidup\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Supidup\AppData\Local\Temp\ResetDevice.exe
C:\Users\Supidup\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Supidup\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Supidup\AppData\Local\Temp\vsdel.exe
C:\Users\Supidup\AppData\Local\Temp\_isB402.exe
C:\Users\Supidup\AppData\Local\Temp\_isD615.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 00:34

==================== End Of Log ============================
--- --- ---

--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Supidup at 2015-03-15 12:15:04
Running from C:\Users\Supidup\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.17 - STMicroelectronics)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon Kindle (HKU\S-1-5-21-3604074103-3047729859-120938186-1000\...\Amazon Kindle) (Version:  - Amazon)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.644 - Avira)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.45 - Atheros Communications)
CadStd (HKLM-x32\...\CadStd) (Version: 3.7.5 - Apperson & Daughters)
calibre (HKLM-x32\...\{A2A971DE-C864-4CF0-8FCA-FF7F569D8476}) (Version: 1.43.0 - Kovid Goyal)
Copernic Desktop Search - Home (HKLM-x32\...\CopernicDesktopSearch2) (Version:  - Copernic Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.2.5.2 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.33 - Creative Technology Ltd)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DigitalPersona Fingerprint Software 5.20 (HKLM\...\{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}) (Version: 5.20.230 - DigitalPersona, Inc.)
Dir-It! (HKLM-x32\...\{E3ED49BB-0544-4844-B296-6A0CB28E7BE3}) (Version: 4.02.0000 - Wirth IT Design)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141009 - Landesfinanzdirektion Thüringen)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
ffdshow v1.1.3562 [2010-09-07] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3562.0 - )
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design)
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
MailStore Home 8.2.1.10082 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.302.09.00.03 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
Mp3tag v2.64 (HKLM-x32\...\Mp3tag) (Version: v2.64 - Florian Heidenreich)
Multi-Function Suite TYPE 1200SF (HKLM-x32\...\{22D987F7-DEE0-42C3-B111-E0B9B5D6E616}) (Version: 1.0.6.0 - RFG)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
Passbild-Generator v4.0a (HKLM-x32\...\Passbild-Generator_is1) (Version:  - Passbild-Generator)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.203.0 - Tracker Software Products Ltd)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.74 - Denis Kozlov)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
ReOrganize! (HKLM-x32\...\ReOrganize_is1) (Version: 2.3.1 - Oliver Frietsch)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2015 (HKLM\...\{A83795B9-570F-40FF-ACB4-710B568EBA22}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Validity Sensors DDK (HKLM\...\{10AAF056-7792-497A-ACAF-3BF002196574}) (Version: 4.3.33.0 - Validity Sensors, Inc.)
Virtual CD v10 (HKLM-x32\...\{10C51313-A308-4B40-90E3-B368D5882660}) (Version: 10.10.14 - H+H Software GmbH)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/11/2009 2.0.0010.00002) (HKLM\...\BD9D4C72E215B5B7A0FD049943B35C492600C0AF) (Version: 08/11/2009 2.0.0010.00002 - Google, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XnView 2.25 (HKLM-x32\...\XnView_is1) (Version: 2.25 - Gougelet Pierre-e)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.9B05 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-03-2015 22:35:16 Windows Update
04-03-2015 07:41:47 SketchUp 2015 wurde installiert
11-03-2015 03:28:46 Windows Update
12-03-2015 03:00:35 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B55249E-20A3-40B4-97FA-C6324261E843} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {12DD0378-745D-4A23-8976-833E960127D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
Task: {2FDAB5C6-8BDB-4D96-901D-B5C3D60C19D6} - System32\Tasks\{896F7CC6-2253-4431-BBC4-6DC0560773EC} => pcalua.exe -a C:\temp\z52698Le\SP1200SF_EU_NA_AP_Drivers_Utilities\mflpro_win7\Data\Disk1\setup.exe -d C:\temp\z52698Le\SP1200SF_EU_NA_AP_Drivers_Utilities\mflpro_win7\Data\Disk1
Task: {48E7F1AA-E3EB-4952-9968-E028035932E0} - System32\Tasks\Opera scheduled Autoupdate 1401112874 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-10] (Opera Software)
Task: {7537AC8A-7AFE-4869-8ABB-3D546AE6C9AF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-20] (Google Inc.)
Task: {91CFBB5A-A3B7-489E-8FD6-10487A02D3EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-10] (Adobe Systems Incorporated)
Task: {92AB185E-5383-4373-A9EB-AE1EDAC637AA} - System32\Tasks\{668AB512-C91D-434E-801F-F98B341F56B4} => pcalua.exe -a C:\temp\z52698Le\SP1200SF_EU_NA_AP_Drivers_Utilities\mflpro\Data\Disk1\setup.exe -d C:\temp\z52698Le\SP1200SF_EU_NA_AP_Drivers_Utilities\mflpro\Data\Disk1
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-10-07 15:54 - 2013-10-07 15:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-20 17:21 - 2010-11-29 03:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-27 17:55 - 2010-10-01 08:49 - 00727664 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-10-07 15:49 - 2013-10-07 15:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 15:47 - 2013-10-07 15:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 15:44 - 2013-10-07 15:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2014-05-21 05:37 - 2008-08-18 15:08 - 00050688 _____ () C:\Program Files (x86)\Virtual CD v10\System\ogg.dll
2014-05-21 05:37 - 2008-08-18 15:11 - 01237504 _____ () C:\Program Files (x86)\Virtual CD v10\System\vorbis.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-03 19:07 - 2014-12-03 19:07 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
2015-02-04 21:51 - 2015-02-04 21:51 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2014-10-16 02:52 - 2014-10-16 02:52 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2014-05-20 17:20 - 2010-11-05 22:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3604074103-3047729859-120938186-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Supidup\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1 - 194.132.32.32

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3604074103-3047729859-120938186-500 - Administrator - Disabled)
Gast (S-1-5-21-3604074103-3047729859-120938186-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3604074103-3047729859-120938186-1002 - Limited - Enabled)
Supidup (S-1-5-21-3604074103-3047729859-120938186-1000 - Administrator - Enabled) => C:\Users\Supidup

==================== Faulty Device Manager Devices =============

Name: USB To LAN Converter
Description: USB To LAN Converter
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/15/2015 00:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2015 00:01:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2015 11:54:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (03/15/2015 11:14:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: vc10extse64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4cc011aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007feecba7aa8
ID des fehlerhaften Prozesses: 0xccc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (03/14/2015 04:28:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/14/2015 04:28:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/14/2015 03:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 01:43:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/13/2015 01:43:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/13/2015 01:24:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (03/15/2015 00:06:25 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (03/13/2015 02:53:57 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/12/2015 03:32:31 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (03/05/2015 06:36:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht.

Error: (03/02/2015 07:34:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR21 gefunden.

Error: (03/02/2015 07:02:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR14 gefunden.

Error: (03/02/2015 06:46:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR11 gefunden.

Error: (03/02/2015 05:57:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.

Error: (02/26/2015 10:09:58 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (02/25/2015 03:16:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}


Microsoft Office Sessions:
=========================
Error: (03/15/2015 00:11:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2015 00:01:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2015 11:54:16 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\$Recycle.Bin\S-1-5-21-3604074103-3047729859-120938186-1000\$R5YDPIY.exeC:\$Recycle.Bin\S-1-5-21-3604074103-3047729859-120938186-1000\$R5YDPIY.exe0

Error: (03/15/2015 11:14:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4vc10extse64.dll_unloaded0.0.0.04cc011aac0000005000007feecba7aa8ccc01d05e89d90018baC:\Windows\Explorer.EXEvc10extse64.dll08e1a9ae-cafc-11e4-a7dd-e4d53d7acca6

Error: (03/14/2015 04:28:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\virtual cd v10\API\examples\MFC\vcdapitest\Debug\x64\VcdAPITest64.exe

Error: (03/14/2015 04:28:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\virtual cd v10\API\examples\MFC\vcdapitest\Debug\VcdAPITest.exe

Error: (03/14/2015 03:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2015 01:43:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\virtual cd v10\API\examples\MFC\vcdapitest\Debug\x64\VcdAPITest64.exe

Error: (03/13/2015 01:43:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\virtual cd v10\API\examples\MFC\vcdapitest\Debug\VcdAPITest.exe

Error: (03/13/2015 01:24:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\virtual cd v10\API\examples\MFC\vcdapitest\Debug\x64\VcdAPITest64.exe


CodeIntegrity Errors:
===================================
  Date: 2014-05-21 00:40:33.452
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\nusb3hub.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-21 00:40:33.405
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\nusb3hub.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8086.17 MB
Available physical RAM: 5153.59 MB
Total Pagefile: 9108.36 MB
Available Pagefile: 6125.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:73.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 482F9AB4)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---


Sorry, der erste Beitrag ließ sich nicht mehr editieren, deshalb den Nachtrag als eigener Post.

Habe jetzt gemäß Eurer Anleitung auch einen Quickscan mit GMER gemacht (im abgesicherten Modus, da er im normalen immer abbrach).

Wenn ich richtig gegoogelt hab, stammen die Einträge mit "vdrv1000" vermutlich von von VirtualCD (ist installiert). Das sollte wohl ok sein, oder? Nur die Einträge mit "\BTHPORT" kann ich nicht einordnen, ob das gefährlich ist.

Hier der Log:

#
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-15 12:55:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Supidup\AppData\Local\Temp\pflirfod.sys


---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e4d53d7acca6                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e4d53d7acca6 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                                        C:\Windows\system32\drivers\VDRV1000.SYS
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                                                SCSI Miniport
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                                            system32\DRIVERS\vdrv1000.sys
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                                        1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                                                1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                                                1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                                                  66
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)                       
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                                          1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                                    1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@INITSTARTFAILED                                1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                                              {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@0                            1
Reg  HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)                   

---- EOF - GMER 2.1 ----
--- --- ---

schrauber 15.03.2015 17:58
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Areuka 15.03.2015 23:08
Danke! Hab jetzt mbar laufen lassen, hier der Log:

#
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.03.15.05
rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Supidup :: SUPIDUP-PC [administrator]

15.03.2015 22:46:58
mbar-log-2015-03-15 (22-46-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 356507
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Das Ergebnis von TDSSKiller:

#
23:03:04.0114 0x1500 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:03:19.0044 0x1500 ============================================================
23:03:19.0044 0x1500 Current date / time: 2015/03/15 23:03:19.0044
23:03:19.0044 0x1500 SystemInfo:
23:03:19.0044 0x1500
23:03:19.0044 0x1500 OS Version: 6.1.7601 ServicePack: 1.0
23:03:19.0044 0x1500 Product type: Workstation
23:03:19.0044 0x1500 ComputerName: SUPIDUP-PC
23:03:19.0044 0x1500 UserName: Supidup
23:03:19.0044 0x1500 Windows directory: C:\Windows
23:03:19.0044 0x1500 System windows directory: C:\Windows
23:03:19.0044 0x1500 Running under WOW64
23:03:19.0044 0x1500 Processor architecture: Intel x64
23:03:19.0044 0x1500 Number of processors: 4
23:03:19.0044 0x1500 Page size: 0x1000
23:03:19.0044 0x1500 Boot type: Normal boot
23:03:19.0044 0x1500 ============================================================
23:03:19.0449 0x1500 KLMD registered as C:\Windows\system32\drivers\93955825.sys
23:03:19.0792 0x1500 System UUID: {28E860CD-CDE0-5A2A-14CB-F7A49EF6DAE7}
23:03:20.0214 0x1500 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:03:20.0229 0x1500 ============================================================
23:03:20.0229 0x1500 \Device\Harddisk0\DR0:
23:03:20.0229 0x1500 MBR partitions:
23:03:20.0229 0x1500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
23:03:20.0229 0x1500 ============================================================
23:03:20.0245 0x1500 C: <-> \Device\Harddisk0\DR0\Partition1
23:03:20.0245 0x1500 ============================================================
23:03:20.0245 0x1500 Initialize success
23:03:20.0245 0x1500 ============================================================
23:04:15.0219 0x0b40 ============================================================
23:04:15.0219 0x0b40 Scan started
23:04:15.0219 0x0b40 Mode: Manual; SigCheck; TDLFS;
23:04:15.0219 0x0b40 ============================================================
23:04:15.0219 0x0b40 KSN ping started
23:04:30.0102 0x0b40 KSN ping finished: true
23:04:30.0866 0x0b40 ================ Scan system memory ========================
23:04:30.0866 0x0b40 System memory - ok
23:04:30.0866 0x0b40 ================ Scan services =============================
23:04:30.0991 0x0b40 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:04:31.0053 0x0b40 1394ohci - ok
23:04:31.0131 0x0b40 [ AEDB94A49236F5FF060C90E09E70281F, 111ADF5A4B19A31A86DD9D62F06C065B983A11E3286BA973D0080FBB38D2E514 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
23:04:31.0147 0x0b40 Acceler - ok
23:04:31.0178 0x0b40 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:04:31.0194 0x0b40 ACPI - ok
23:04:31.0225 0x0b40 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:04:31.0240 0x0b40 AcpiPmi - ok
23:04:31.0334 0x0b40 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:04:31.0350 0x0b40 AdobeARMservice - ok
23:04:31.0474 0x0b40 [ 887C79A2D1C790BC2DCFDA31DF9BAD65, A16076406EC6542826C8111EBC6FF54364751FDB32624CED143E6C3E02D2E160 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:04:31.0490 0x0b40 AdobeFlashPlayerUpdateSvc - ok
23:04:31.0537 0x0b40 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:04:31.0552 0x0b40 adp94xx - ok
23:04:31.0584 0x0b40 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:04:31.0615 0x0b40 adpahci - ok
23:04:31.0615 0x0b40 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:04:31.0630 0x0b40 adpu320 - ok
23:04:31.0662 0x0b40 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:04:31.0693 0x0b40 AeLookupSvc - ok
23:04:31.0771 0x0b40 [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
23:04:31.0786 0x0b40 AERTFilters - ok
23:04:31.0818 0x0b40 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
23:04:31.0864 0x0b40 AFD - ok
23:04:31.0927 0x0b40 [ 48008D4EA73C1058F36D323A644410D4, D0219AE0197BBD4C7BD75CD7564013B11497562F71C97918856B176942D86F65 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
23:04:31.0927 0x0b40 AgereModemAudio - ok
23:04:32.0036 0x0b40 [ D7CF6568AA20A5B5CDBFECD097B615DB, 3562A62BAC2DFF2A8766BE129109BFEDF54AE09C63D65C93E9FE4ACDEA82B6AC ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
23:04:32.0114 0x0b40 AgereSoftModem - ok
23:04:32.0145 0x0b40 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
23:04:32.0161 0x0b40 agp440 - ok
23:04:32.0176 0x0b40 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
23:04:32.0208 0x0b40 ALG - ok
23:04:32.0223 0x0b40 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
23:04:32.0239 0x0b40 aliide - ok
23:04:32.0254 0x0b40 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
23:04:32.0254 0x0b40 amdide - ok
23:04:32.0286 0x0b40 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:04:32.0301 0x0b40 AmdK8 - ok
23:04:32.0317 0x0b40 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:04:32.0332 0x0b40 AmdPPM - ok
23:04:32.0364 0x0b40 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:04:32.0379 0x0b40 amdsata - ok
23:04:32.0395 0x0b40 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:04:32.0410 0x0b40 amdsbs - ok
23:04:32.0426 0x0b40 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:04:32.0426 0x0b40 amdxata - ok
23:04:32.0504 0x0b40 [ 35CCC725A117FD966ADFDE0FDF663C60, 282A07AA3D609E6978E6BF79EF0CDF3FE6A25CFAA433F9F2DD8710F2E4ED4BAA ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
23:04:32.0520 0x0b40 AntiVirMailService - ok
23:04:32.0566 0x0b40 [ B5975B61C97F4E47C129CDE76AFF84D4, 0494273946B6DEACC6C6F3AF70F90467A07CB127A5CBD223D4F3450A03C259C3 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:04:32.0582 0x0b40 AntiVirSchedulerService - ok
23:04:32.0613 0x0b40 [ B5975B61C97F4E47C129CDE76AFF84D4, 0494273946B6DEACC6C6F3AF70F90467A07CB127A5CBD223D4F3450A03C259C3 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:04:32.0629 0x0b40 AntiVirService - ok
23:04:32.0660 0x0b40 [ 90E78AD249819ED06951B5B7C0C010A5, 0C387514BAA3F413040E6A0A6F0BFEF12C63AA484AFC3C238A2677BA51661C5D ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
23:04:32.0691 0x0b40 AntiVirWebService - ok
23:04:32.0738 0x0b40 [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys
23:04:32.0785 0x0b40 AppID - ok
23:04:32.0800 0x0b40 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:04:32.0816 0x0b40 AppIDSvc - ok
23:04:32.0863 0x0b40 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
23:04:32.0878 0x0b40 Appinfo - ok
23:04:32.0925 0x0b40 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
23:04:32.0956 0x0b40 AppMgmt - ok
23:04:32.0972 0x0b40 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
23:04:32.0988 0x0b40 arc - ok
23:04:33.0003 0x0b40 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:04:33.0019 0x0b40 arcsas - ok
23:04:33.0097 0x0b40 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:04:33.0097 0x0b40 aspnet_state - ok
23:04:33.0112 0x0b40 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:04:33.0159 0x0b40 AsyncMac - ok
23:04:33.0222 0x0b40 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
23:04:33.0237 0x0b40 atapi - ok
23:04:33.0253 0x0b40 [ CBE61B4494165F458BD87E37181EE934, E95654DCC0F977A3604B6BE435BEE109AC8F9F7494FD3A132F5FB477BBF7B105 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
23:04:33.0284 0x0b40 AthBTPort - ok
23:04:33.0300 0x0b40 [ 4119870B90E1B5E7797D6433D21F9216, 5CDA3748A6C89B1046173F20D857D164F4170A5028370B5BB9843212CEA86C8F ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys
23:04:33.0315 0x0b40 ATHDFU - ok
23:04:33.0346 0x0b40 [ 67B8BD46E8626C348688930244761DAB, 3A835DEB0903264BAF3C7D6E66BAD44B0FE4827B0B91C332219CBD25E4720133 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
23:04:33.0362 0x0b40 Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic ( 1 )
23:04:35.0796 0x0b40 Detect skipped due to KSN trusted
23:04:35.0796 0x0b40 Atheros Bt&Wlan Coex Agent - ok
23:04:35.0905 0x0b40 [ 8430ED17CEF0D7878B25776E02508957, D01196844C97E42383C555A58C6938EAC46CCE37E1DA80E8D03DF8763847247A ] AtherosSvc C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
23:04:35.0921 0x0b40 AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
23:04:38.0339 0x0b40 Detect skipped due to KSN trusted
23:04:38.0339 0x0b40 AtherosSvc - ok
23:04:38.0495 0x0b40 [ 782D36BAD8DDBF008D02E055DBE70F82, AFB7A4B52C86A9CA48ED46A2CE5415119F1C75912A0E233EF1CAE120DA534CAE ] athr C:\Windows\system32\DRIVERS\athrx.sys
23:04:38.0588 0x0b40 athr - ok
23:04:38.0666 0x0b40 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:04:38.0697 0x0b40 AudioEndpointBuilder - ok
23:04:38.0729 0x0b40 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:04:38.0744 0x0b40 AudioSrv - ok
23:04:38.0775 0x0b40 [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:04:38.0791 0x0b40 avgntflt - ok
23:04:38.0822 0x0b40 [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:04:38.0838 0x0b40 avipbb - ok
23:04:38.0853 0x0b40 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:04:38.0869 0x0b40 avkmgr - ok
23:04:38.0885 0x0b40 [ 13253E5E3B6BDF945B63B336A8C9489B, 671C716E43F89D4BDDAA2BE045CDEBBB569C85BC2BA334E1F550187B79A7740D ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
23:04:38.0885 0x0b40 avnetflt - ok
23:04:38.0916 0x0b40 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:04:38.0947 0x0b40 AxInstSV - ok
23:04:38.0994 0x0b40 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:04:39.0009 0x0b40 b06bdrv - ok
23:04:39.0056 0x0b40 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:04:39.0087 0x0b40 b57nd60a - ok
23:04:39.0103 0x0b40 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
23:04:39.0134 0x0b40 BDESVC - ok
23:04:39.0150 0x0b40 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
23:04:39.0181 0x0b40 Beep - ok
23:04:39.0228 0x0b40 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
23:04:39.0275 0x0b40 BFE - ok
23:04:39.0321 0x0b40 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
23:04:39.0384 0x0b40 BITS - ok
23:04:39.0415 0x0b40 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:04:39.0446 0x0b40 blbdrive - ok
23:04:39.0477 0x0b40 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:04:39.0493 0x0b40 bowser - ok
23:04:39.0524 0x0b40 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:04:39.0555 0x0b40 BrFiltLo - ok
23:04:39.0571 0x0b40 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:04:39.0587 0x0b40 BrFiltUp - ok
23:04:39.0618 0x0b40 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
23:04:39.0633 0x0b40 Browser - ok
23:04:39.0665 0x0b40 [ 6DF544E72FF139E8FBBBA6D0E569BEA5, 80B1D95F55E86CF442FCC3B2EF143C5E98F30FE809DC24A3CEE17D9D5EC1B7AC ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
23:04:39.0680 0x0b40 BrSerIb - ok
23:04:39.0711 0x0b40 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:04:39.0727 0x0b40 Brserid - ok
23:04:39.0758 0x0b40 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:04:39.0774 0x0b40 BrSerWdm - ok
23:04:39.0805 0x0b40 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:04:39.0821 0x0b40 BrUsbMdm - ok
23:04:39.0836 0x0b40 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:04:39.0867 0x0b40 BrUsbSer - ok
23:04:39.0883 0x0b40 [ 80082AD46578F0D3270D2E56D6433082, 8798F19B2966C24D122F03D34B605B660F676AC55535530D39FDE2BECAE09809 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
23:04:39.0899 0x0b40 BrUsbSIb - ok
23:04:39.0930 0x0b40 [ 227C8F308DE4AF4808E587465CEAB838, 7CF9FB82C979551E82F06F9D4003704E786CF2EAB4BE0836CB0BE9E735C48942 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
23:04:39.0961 0x0b40 BTATH_A2DP - ok
23:04:39.0992 0x0b40 [ A83A91D07D1FE6BBE7A9DB46CA00434B, 9EF851047189E13954C0F6A325E4843914C423C0D1EDAE21A34AB3A962BBD5AC ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
23:04:40.0023 0x0b40 BTATH_BUS - ok
23:04:40.0023 0x0b40 [ C864FF85EE16D61C2BDD5EF76824625F, 6D2FE57688D9E8B4277BF6DA9C219DEB367274364FBE17EFC353CEDB2D7EA35D ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
23:04:40.0055 0x0b40 BTATH_HCRP - ok
23:04:40.0055 0x0b40 [ 0DEA505EFB5D771826D177EF8B8A208F, FD8027DA791F04077490749AC5A08F73CCBA1731462579AA9008CD8DD82FBBBC ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
23:04:40.0070 0x0b40 BTATH_LWFLT - ok
23:04:40.0086 0x0b40 [ 724C8088C96EFE7A3E63FEC21D4681C0, 4F9B258BE0FEA634A0D93B3892F2F039A7CAD184C9A81DFC2B67B0D4B39C5035 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
23:04:40.0117 0x0b40 BTATH_RCP - ok
23:04:40.0148 0x0b40 [ 486720DA2B3BB13D1080C83140C18B56, 19AE32903198E8183E4FD9E09151E8F1B3799BBCD693AB25DFD23C467FE3246D ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
23:04:40.0164 0x0b40 BtFilter - ok
23:04:40.0195 0x0b40 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:04:40.0211 0x0b40 BthEnum - ok
23:04:40.0226 0x0b40 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:04:40.0257 0x0b40 BTHMODEM - ok
23:04:40.0273 0x0b40 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:04:40.0289 0x0b40 BthPan - ok
23:04:40.0304 0x0b40 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:04:40.0335 0x0b40 BTHPORT - ok
23:04:40.0367 0x0b40 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
23:04:40.0413 0x0b40 bthserv - ok
23:04:40.0413 0x0b40 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:04:40.0445 0x0b40 BTHUSB - ok
23:04:40.0460 0x0b40 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:04:40.0507 0x0b40 cdfs - ok
23:04:40.0554 0x0b40 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:04:40.0569 0x0b40 cdrom - ok
23:04:40.0601 0x0b40 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
23:04:40.0647 0x0b40 CertPropSvc - ok
23:04:40.0663 0x0b40 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
23:04:40.0694 0x0b40 circlass - ok
23:04:40.0710 0x0b40 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
23:04:40.0725 0x0b40 CLFS - ok
23:04:40.0772 0x0b40 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:04:40.0788 0x0b40 clr_optimization_v2.0.50727_32 - ok
23:04:40.0819 0x0b40 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:04:40.0835 0x0b40 clr_optimization_v2.0.50727_64 - ok
23:04:40.0897 0x0b40 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:04:40.0913 0x0b40 clr_optimization_v4.0.30319_32 - ok
23:04:40.0959 0x0b40 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:04:41.0022 0x0b40 clr_optimization_v4.0.30319_64 - ok
23:04:41.0053 0x0b40 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:04:41.0069 0x0b40 CmBatt - ok
23:04:41.0084 0x0b40 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:04:41.0084 0x0b40 cmdide - ok
23:04:41.0147 0x0b40 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys
23:04:41.0178 0x0b40 CNG - ok
23:04:41.0209 0x0b40 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:04:41.0209 0x0b40 Compbatt - ok
23:04:41.0240 0x0b40 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:04:41.0256 0x0b40 CompositeBus - ok
23:04:41.0256 0x0b40 COMSysApp - ok
23:04:41.0287 0x0b40 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:04:41.0287 0x0b40 crcdisk - ok
23:04:41.0349 0x0b40 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:04:41.0365 0x0b40 CryptSvc - ok
23:04:41.0396 0x0b40 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
23:04:41.0427 0x0b40 CSC - ok
23:04:41.0443 0x0b40 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
23:04:41.0474 0x0b40 CscService - ok
23:04:41.0490 0x0b40 [ 916F311A84B4D528694FD4D44B5EAB1B, F84B186626BA3F35BACB33071214ED24119A44B3A5199C8A6EF845CE835A9832 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:04:41.0521 0x0b40 CtClsFlt - ok
23:04:41.0537 0x0b40 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:04:41.0583 0x0b40 DcomLaunch - ok
23:04:41.0615 0x0b40 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
23:04:41.0661 0x0b40 defragsvc - ok
23:04:41.0661 0x0b40 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:04:41.0708 0x0b40 DfsC - ok
23:04:41.0724 0x0b40 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:04:41.0755 0x0b40 Dhcp - ok
23:04:41.0802 0x0b40 [ 05F99DFF3A8D705F9AA6B87224F7BEB1, DDE133A44A330A07A0EB961559C840BBFC9D9E0CCA27DE0B4284C76BCAD31EDE ] DirMngr C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
23:04:41.0817 0x0b40 DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
23:04:44.0235 0x0b40 Detect skipped due to KSN trusted
23:04:44.0235 0x0b40 DirMngr - ok
23:04:44.0282 0x0b40 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
23:04:44.0313 0x0b40 discache - ok
23:04:44.0345 0x0b40 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
23:04:44.0360 0x0b40 Disk - ok
23:04:44.0376 0x0b40 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
23:04:44.0391 0x0b40 dmvsc - ok
23:04:44.0423 0x0b40 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:04:44.0438 0x0b40 Dnscache - ok
23:04:44.0469 0x0b40 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
23:04:44.0516 0x0b40 dot3svc - ok
23:04:44.0579 0x0b40 [ C43618154FC0C8480F53B04BA7A2F371, 400FFAF385030DBAC4D8EF6A5A88B1FCA52BE7BE5430069C99E56DED3471E7A6 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
23:04:44.0594 0x0b40 DpHost - ok
23:04:44.0610 0x0b40 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
23:04:44.0641 0x0b40 DPS - ok
23:04:44.0672 0x0b40 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:04:44.0703 0x0b40 drmkaud - ok
23:04:44.0735 0x0b40 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:04:44.0781 0x0b40 DXGKrnl - ok
23:04:44.0797 0x0b40 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
23:04:44.0828 0x0b40 EapHost - ok
23:04:44.0937 0x0b40 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:04:45.0062 0x0b40 ebdrv - ok
23:04:45.0125 0x0b40 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe
23:04:45.0140 0x0b40 EFS - ok
23:04:45.0187 0x0b40 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:04:45.0234 0x0b40 ehRecvr - ok
23:04:45.0249 0x0b40 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
23:04:45.0265 0x0b40 ehSched - ok
23:04:45.0312 0x0b40 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:04:45.0343 0x0b40 elxstor - ok
23:04:45.0359 0x0b40 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:04:45.0374 0x0b40 ErrDev - ok
23:04:45.0421 0x0b40 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
23:04:45.0468 0x0b40 EventSystem - ok
23:04:45.0499 0x0b40 [ 251AF86E0A4DDF3A6B181ED5103B06B1, 1823E7C87F0D8972A89D71B1FB633C5D43744F9803E6A8B866F6EA610032437C ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
23:04:45.0530 0x0b40 ewusbnet - ok
23:04:45.0546 0x0b40 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
23:04:45.0577 0x0b40 exfat - ok
23:04:45.0593 0x0b40 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:04:45.0639 0x0b40 fastfat - ok
23:04:45.0686 0x0b40 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
23:04:45.0717 0x0b40 Fax - ok
23:04:45.0749 0x0b40 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
23:04:45.0764 0x0b40 fdc - ok
23:04:45.0780 0x0b40 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
23:04:45.0811 0x0b40 fdPHost - ok
23:04:45.0827 0x0b40 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
23:04:45.0858 0x0b40 FDResPub - ok
23:04:45.0889 0x0b40 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:04:45.0889 0x0b40 FileInfo - ok
23:04:45.0905 0x0b40 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:04:45.0936 0x0b40 Filetrace - ok
23:04:45.0967 0x0b40 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:04:45.0967 0x0b40 flpydisk - ok
23:04:45.0998 0x0b40 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:04:46.0014 0x0b40 FltMgr - ok
23:04:46.0061 0x0b40 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
23:04:46.0123 0x0b40 FontCache - ok
23:04:46.0154 0x0b40 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:04:46.0170 0x0b40 FontCache3.0.0.0 - ok
23:04:46.0185 0x0b40 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:04:46.0201 0x0b40 FsDepends - ok
23:04:46.0217 0x0b40 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:04:46.0217 0x0b40 Fs_Rec - ok
23:04:46.0248 0x0b40 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:04:46.0263 0x0b40 fvevol - ok
23:04:46.0295 0x0b40 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:04:46.0295 0x0b40 gagp30kx - ok
23:04:46.0357 0x0b40 [ 3F6F2BEF3880C4CC9A381EE227DA0BBD, 26E7BD7DB254125904911B1E751710C645C770AAB089442678D7ACFC2CDEDB0E ] GDKBBlocker C:\Windows\system32\drivers\GDKBBlocker64.sys
23:04:46.0373 0x0b40 GDKBBlocker - ok
23:04:46.0404 0x0b40 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
23:04:46.0451 0x0b40 gpsvc - ok
23:04:46.0560 0x0b40 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:04:46.0560 0x0b40 gupdate - ok
23:04:46.0575 0x0b40 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:04:46.0575 0x0b40 gupdatem - ok
23:04:46.0591 0x0b40 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:04:46.0607 0x0b40 hcw85cir - ok
23:04:46.0653 0x0b40 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:04:46.0685 0x0b40 HdAudAddService - ok
23:04:46.0700 0x0b40 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:04:46.0731 0x0b40 HDAudBus - ok
23:04:46.0794 0x0b40 [ 62FB29642745DD290910BFD79537FCE0, 56206F936958082B3A2AD93E4E5C7EDA9518A6F12670C6F26EC7A35D0D5305DF ] HH10Help.sys C:\Windows\system32\drivers\HH10Help.sys
23:04:46.0794 0x0b40 HH10Help.sys - ok
23:04:46.0841 0x0b40 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:04:46.0856 0x0b40 HidBatt - ok
23:04:46.0872 0x0b40 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:04:46.0903 0x0b40 HidBth - ok
23:04:46.0919 0x0b40 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
23:04:46.0934 0x0b40 HidIr - ok
23:04:46.0950 0x0b40 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
23:04:46.0997 0x0b40 hidserv - ok
23:04:47.0028 0x0b40 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:04:47.0043 0x0b40 HidUsb - ok
23:04:47.0059 0x0b40 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:04:47.0090 0x0b40 hkmsvc - ok
23:04:47.0121 0x0b40 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:04:47.0137 0x0b40 HomeGroupListener - ok
23:04:47.0153 0x0b40 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:04:47.0168 0x0b40 HomeGroupProvider - ok
23:04:47.0199 0x0b40 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:04:47.0199 0x0b40 HpSAMD - ok
23:04:47.0231 0x0b40 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:04:47.0293 0x0b40 HTTP - ok
23:04:47.0324 0x0b40 [ 5651FBB74B1CE691BA1BE3E9D19D1BE1, 5CBB4C4C572B48068F79739A24A59FDBA8B53AA1C6DB72F60C4A452B5864470D ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
23:04:47.0355 0x0b40 huawei_enumerator - ok
23:04:47.0402 0x0b40 [ 4B5C07DB91A0099272FAAE732E1152BD, E0408F85A2E1E310F5143A01A34456F120875D21E0E9D0A9F9EBC96514CFC47C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:04:47.0449 0x0b40 hwdatacard - ok
23:04:47.0465 0x0b40 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:04:47.0480 0x0b40 hwpolicy - ok
23:04:47.0496 0x0b40 [ 1F24CF1F7DB6D4461AC65A86DB8E4BC2, CCC979766A0717D61DE9B3B8A401A6C964FD08EE77332771A06A4978FC6FF88A ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
23:04:47.0511 0x0b40 hwusbfake - ok
23:04:47.0543 0x0b40 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:04:47.0558 0x0b40 i8042prt - ok
23:04:47.0589 0x0b40 [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:04:47.0605 0x0b40 iaStor - ok
23:04:47.0683 0x0b40 [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:04:47.0699 0x0b40 IAStorDataMgrSvc - ok
23:04:47.0745 0x0b40 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:04:47.0761 0x0b40 iaStorV - ok
23:04:47.0823 0x0b40 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:04:47.0855 0x0b40 idsvc - ok
23:04:47.0886 0x0b40 IEEtwCollectorService - ok
23:04:48.0198 0x0b40 [ 0AC9E321D604BE48A0D72B69BA484BDC, CAB41D696F86105ABC660DB66EFC602E81F725B809E821DE48912F2452EA8BEC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
23:04:48.0619 0x0b40 igfx - ok
23:04:48.0681 0x0b40 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:04:48.0681 0x0b40 iirsp - ok
23:04:48.0728 0x0b40 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
23:04:48.0775 0x0b40 IKEEXT - ok
23:04:48.0869 0x0b40 [ A9853214CC97796579D75B1F59C51DCD, 8BDF9FC1FB12ED5685C8BCB0173F0E2ACA8BD29A512380F905A26553FB6BFFF6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:04:48.0962 0x0b40 IntcAzAudAddService - ok
23:04:48.0978 0x0b40 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
23:04:48.0993 0x0b40 intelide - ok
23:04:49.0009 0x0b40 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:04:49.0040 0x0b40 intelppm - ok
23:04:49.0056 0x0b40 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:04:49.0103 0x0b40 IPBusEnum - ok
23:04:49.0118 0x0b40 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:04:49.0165 0x0b40 IpFilterDriver - ok
23:04:49.0212 0x0b40 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:04:49.0243 0x0b40 iphlpsvc - ok
23:04:49.0259 0x0b40 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:04:49.0274 0x0b40 IPMIDRV - ok
23:04:49.0305 0x0b40 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:04:49.0337 0x0b40 IPNAT - ok
23:04:49.0368 0x0b40 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:04:49.0383 0x0b40 IRENUM - ok
23:04:49.0399 0x0b40 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:04:49.0415 0x0b40 isapnp - ok
23:04:49.0446 0x0b40 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:04:49.0461 0x0b40 iScsiPrt - ok
23:04:49.0477 0x0b40 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:04:49.0493 0x0b40 kbdclass - ok
23:04:49.0508 0x0b40 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:04:49.0539 0x0b40 kbdhid - ok
23:04:49.0539 0x0b40 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe
23:04:49.0555 0x0b40 KeyIso - ok
23:04:49.0602 0x0b40 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:04:49.0617 0x0b40 KSecDD - ok
23:04:49.0633 0x0b40 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:04:49.0649 0x0b40 KSecPkg - ok
23:04:49.0664 0x0b40 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:04:49.0711 0x0b40 ksthunk - ok
23:04:49.0727 0x0b40 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
23:04:49.0773 0x0b40 KtmRm - ok
23:04:49.0820 0x0b40 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:04:49.0851 0x0b40 LanmanServer - ok
23:04:49.0883 0x0b40 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:04:49.0914 0x0b40 LanmanWorkstation - ok
23:04:49.0945 0x0b40 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:04:49.0992 0x0b40 lltdio - ok
23:04:50.0023 0x0b40 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:04:50.0054 0x0b40 lltdsvc - ok
23:04:50.0070 0x0b40 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:04:50.0101 0x0b40 lmhosts - ok
23:04:50.0148 0x0b40 [ 7F32D4C47A50E7223491E8FB9359907D, 6D3F59A8D006BED3234697933D09C8EE8F7A9F4A4196CFA878F8E8A929B24CE5 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:04:50.0163 0x0b40 LMS - ok
23:04:50.0195 0x0b40 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:04:50.0210 0x0b40 LSI_FC - ok
23:04:50.0226 0x0b40 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:04:50.0241 0x0b40 LSI_SAS - ok
23:04:50.0257 0x0b40 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:04:50.0257 0x0b40 LSI_SAS2 - ok
23:04:50.0273 0x0b40 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:04:50.0288 0x0b40 LSI_SCSI - ok
23:04:50.0304 0x0b40 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
23:04:50.0335 0x0b40 luafv - ok
23:04:50.0413 0x0b40 [ 9B4B4838A6C8DC97416581C13CB6482C, 14EC024BF53917B839764367591466270C356EFDEA175C60A3E048D15C3C53ED ] massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys
23:04:50.0413 0x0b40 massfilter_hs - ok
23:04:50.0460 0x0b40 [ 478CC94C937D235CB0A96AB8F2359D81, 1877AF93FD777F0D5BC02C0CD6E806A165991B6C77D424B13D2D77F8F9D1EFCC ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
23:04:50.0475 0x0b40 mbamchameleon - ok
23:04:50.0507 0x0b40 [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:04:50.0507 0x0b40 MBAMProtector - ok
23:04:50.0585 0x0b40 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
23:04:50.0647 0x0b40 MBAMScheduler - ok
23:04:50.0694 0x0b40 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
23:04:50.0741 0x0b40 MBAMService - ok
23:04:50.0756 0x0b40 [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
23:04:50.0772 0x0b40 MBAMWebAccessControl - ok
23:04:50.0787 0x0b40 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:04:50.0803 0x0b40 Mcx2Svc - ok
23:04:50.0819 0x0b40 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
23:04:50.0834 0x0b40 megasas - ok
23:04:50.0850 0x0b40 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:04:50.0865 0x0b40 MegaSR - ok
23:04:50.0897 0x0b40 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:04:50.0897 0x0b40 MEIx64 - ok
23:04:50.0928 0x0b40 Microsoft SharePoint Workspace Audit Service - ok
23:04:50.0943 0x0b40 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
23:04:50.0975 0x0b40 MMCSS - ok
23:04:50.0990 0x0b40 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
23:04:51.0021 0x0b40 Modem - ok
23:04:51.0037 0x0b40 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:04:51.0053 0x0b40 monitor - ok
23:04:51.0084 0x0b40 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:04:51.0099 0x0b40 mouclass - ok
23:04:51.0099 0x0b40 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:04:51.0131 0x0b40 mouhid - ok
23:04:51.0177 0x0b40 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:04:51.0193 0x0b40 mountmgr - ok
23:04:51.0224 0x0b40 [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:04:51.0240 0x0b40 MozillaMaintenance - ok
23:04:51.0255 0x0b40 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
23:04:51.0271 0x0b40 mpio - ok
23:04:51.0287 0x0b40 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:04:51.0318 0x0b40 mpsdrv - ok
23:04:51.0365 0x0b40 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:04:51.0427 0x0b40 MpsSvc - ok
23:04:51.0489 0x0b40 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:04:51.0521 0x0b40 MRxDAV - ok
23:04:51.0536 0x0b40 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:04:51.0567 0x0b40 mrxsmb - ok
23:04:51.0583 0x0b40 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:04:51.0599 0x0b40 mrxsmb10 - ok
23:04:51.0614 0x0b40 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:04:51.0630 0x0b40 mrxsmb20 - ok
23:04:51.0661 0x0b40 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
23:04:51.0661 0x0b40 msahci - ok
23:04:51.0692 0x0b40 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:04:51.0708 0x0b40 msdsm - ok
23:04:51.0723 0x0b40 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
23:04:51.0739 0x0b40 MSDTC - ok
23:04:51.0755 0x0b40 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:04:51.0801 0x0b40 Msfs - ok
23:04:51.0801 0x0b40 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:04:51.0833 0x0b40 mshidkmdf - ok
23:04:51.0848 0x0b40 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:04:51.0848 0x0b40 msisadrv - ok
23:04:51.0879 0x0b40 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:04:51.0911 0x0b40 MSiSCSI - ok
23:04:51.0926 0x0b40 msiserver - ok
23:04:51.0942 0x0b40 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:04:51.0973 0x0b40 MSKSSRV - ok
23:04:51.0989 0x0b40 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:04:52.0020 0x0b40 MSPCLOCK - ok
23:04:52.0035 0x0b40 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:04:52.0067 0x0b40 MSPQM - ok
23:04:52.0082 0x0b40 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:04:52.0098 0x0b40 MsRPC - ok
23:04:52.0113 0x0b40 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:04:52.0113 0x0b40 mssmbios - ok
23:04:52.0129 0x0b40 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:04:52.0160 0x0b40 MSTEE - ok
23:04:52.0176 0x0b40 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:04:52.0191 0x0b40 MTConfig - ok
23:04:52.0207 0x0b40 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
23:04:52.0207 0x0b40 Mup - ok
23:04:52.0238 0x0b40 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
23:04:52.0285 0x0b40 napagent - ok
23:04:52.0316 0x0b40 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:04:52.0347 0x0b40 NativeWifiP - ok
23:04:52.0394 0x0b40 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
23:04:52.0441 0x0b40 NDIS - ok
23:04:52.0472 0x0b40 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:04:52.0503 0x0b40 NdisCap - ok
23:04:52.0503 0x0b40 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:04:52.0550 0x0b40 NdisTapi - ok
23:04:52.0566 0x0b40 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:04:52.0581 0x0b40 Ndisuio - ok
23:04:52.0597 0x0b40 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:04:52.0644 0x0b40 NdisWan - ok
23:04:52.0659 0x0b40 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:04:52.0691 0x0b40 NDProxy - ok
23:04:52.0706 0x0b40 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:04:52.0737 0x0b40 NetBIOS - ok
23:04:52.0769 0x0b40 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:04:52.0815 0x0b40 NetBT - ok
23:04:52.0815 0x0b40 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe
23:04:52.0831 0x0b40 Netlogon - ok
23:04:52.0878 0x0b40 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
23:04:52.0909 0x0b40 Netman - ok
23:04:52.0956 0x0b40 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:52.0971 0x0b40 NetMsmqActivator - ok
23:04:52.0971 0x0b40 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:52.0987 0x0b40 NetPipeActivator - ok
23:04:53.0003 0x0b40 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
23:04:53.0065 0x0b40 netprofm - ok
23:04:53.0081 0x0b40 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:53.0081 0x0b40 NetTcpActivator - ok
23:04:53.0096 0x0b40 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:04:53.0112 0x0b40 NetTcpPortSharing - ok
23:04:53.0127 0x0b40 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:04:53.0143 0x0b40 nfrd960 - ok
23:04:53.0190 0x0b40 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
23:04:53.0221 0x0b40 NlaSvc - ok
23:04:53.0221 0x0b40 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:04:53.0252 0x0b40 Npfs - ok
23:04:53.0268 0x0b40 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
23:04:53.0299 0x0b40 nsi - ok
23:04:53.0315 0x0b40 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:04:53.0346 0x0b40 nsiproxy - ok
23:04:53.0393 0x0b40 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:04:53.0439 0x0b40 Ntfs - ok
23:04:53.0455 0x0b40 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
23:04:53.0471 0x0b40 Null - ok
23:04:53.0517 0x0b40 [ A7127E86F9FFE2A53E271B56B2C4CEDF, 9C8D60290B66976BBC6E6FE0C2B8EBBCF65B019C95116565CA75098E9F66C05D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
23:04:53.0533 0x0b40 nusb3hub - ok
23:04:53.0564 0x0b40 [ 49BBEC6F48D5F9284B03ABF3A959B19B, 688AFDFA9E2F0AB3BDE22EC55C70FD592AA0236557DA9310E1557C083307CEC5 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:04:53.0580 0x0b40 nusb3xhc - ok
23:04:53.0611 0x0b40 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:04:53.0627 0x0b40 nvraid - ok
23:04:53.0642 0x0b40 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:04:53.0658 0x0b40 nvstor - ok
23:04:53.0673 0x0b40 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:04:53.0689 0x0b40 nv_agp - ok
23:04:53.0705 0x0b40 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:04:53.0720 0x0b40 ohci1394 - ok
23:04:53.0814 0x0b40 [ E47C13E2DEC4244836D6728C36CDA1A6, 851FA9894918D515D1B49E847F0789ECBA6CC3C8BBF3EA491D7F6AB6E7205FB6 ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
23:04:53.0829 0x0b40 OpenVPNService - ok
23:04:53.0876 0x0b40 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:04:53.0892 0x0b40 ose - ok
23:04:54.0079 0x0b40 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:04:54.0188 0x0b40 osppsvc - ok
23:04:54.0219 0x0b40 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:04:54.0251 0x0b40 p2pimsvc - ok
23:04:54.0266 0x0b40 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
23:04:54.0297 0x0b40 p2psvc - ok
23:04:54.0313 0x0b40 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
23:04:54.0344 0x0b40 Parport - ok
23:04:54.0360 0x0b40 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:04:54.0375 0x0b40 partmgr - ok
23:04:54.0422 0x0b40 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:04:54.0453 0x0b40 PcaSvc - ok
23:04:54.0453 0x0b40 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
23:04:54.0469 0x0b40 pci - ok
23:04:54.0500 0x0b40 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
23:04:54.0500 0x0b40 pciide - ok
23:04:54.0516 0x0b40 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:04:54.0531 0x0b40 pcmcia - ok
23:04:54.0547 0x0b40 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
23:04:54.0563 0x0b40 pcw - ok
23:04:54.0625 0x0b40 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:04:54.0656 0x0b40 PEAUTH - ok
23:04:54.0703 0x0b40 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:04:54.0765 0x0b40 PeerDistSvc - ok
23:04:54.0828 0x0b40 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:04:54.0859 0x0b40 PerfHost - ok
23:04:54.0906 0x0b40 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
23:04:54.0984 0x0b40 pla - ok
23:04:55.0031 0x0b40 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:04:55.0046 0x0b40 PlugPlay - ok
23:04:55.0062 0x0b40 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:04:55.0077 0x0b40 PNRPAutoReg - ok
23:04:55.0093 0x0b40 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:04:55.0109 0x0b40 PNRPsvc - ok
23:04:55.0155 0x0b40 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:04:55.0202 0x0b40 PolicyAgent - ok
23:04:55.0218 0x0b40 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
23:04:55.0265 0x0b40 Power - ok
23:04:55.0296 0x0b40 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:04:55.0327 0x0b40 PptpMiniport - ok
23:04:55.0343 0x0b40 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
23:04:55.0358 0x0b40 Processor - ok
23:04:55.0421 0x0b40 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
23:04:55.0452 0x0b40 ProfSvc - ok
23:04:55.0452 0x0b40 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:04:55.0467 0x0b40 ProtectedStorage - ok
23:04:55.0483 0x0b40 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:04:55.0514 0x0b40 Psched - ok
23:04:55.0592 0x0b40 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:04:55.0655 0x0b40 ql2300 - ok
23:04:55.0670 0x0b40 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:04:55.0686 0x0b40 ql40xx - ok
23:04:55.0717 0x0b40 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
23:04:55.0733 0x0b40 QWAVE - ok
23:04:55.0748 0x0b40 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:04:55.0764 0x0b40 QWAVEdrv - ok
23:04:55.0779 0x0b40 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:04:55.0811 0x0b40 RasAcd - ok
23:04:55.0826 0x0b40 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:04:55.0873 0x0b40 RasAgileVpn - ok
23:04:55.0889 0x0b40 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
23:04:55.0920 0x0b40 RasAuto - ok
23:04:55.0935 0x0b40 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:04:55.0982 0x0b40 Rasl2tp - ok
23:04:55.0998 0x0b40 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
23:04:56.0045 0x0b40 RasMan - ok
23:04:56.0060 0x0b40 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:04:56.0107 0x0b40 RasPppoe - ok
23:04:56.0123 0x0b40 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:04:56.0154 0x0b40 RasSstp - ok
23:04:56.0169 0x0b40 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:04:56.0232 0x0b40 rdbss - ok
23:04:56.0247 0x0b40 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:04:56.0263 0x0b40 rdpbus - ok
23:04:56.0279 0x0b40 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:04:56.0294 0x0b40 RDPCDD - ok
23:04:56.0325 0x0b40 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:04:56.0341 0x0b40 RDPDR - ok
23:04:56.0357 0x0b40 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:04:56.0388 0x0b40 RDPENCDD - ok
23:04:56.0403 0x0b40 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:04:56.0435 0x0b40 RDPREFMP - ok
23:04:56.0513 0x0b40 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:04:56.0528 0x0b40 RdpVideoMiniport - ok
23:04:56.0591 0x0b40 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:04:56.0606 0x0b40 RDPWD - ok
23:04:56.0653 0x0b40 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:04:56.0669 0x0b40 rdyboost - ok
23:04:56.0684 0x0b40 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:04:56.0715 0x0b40 RemoteAccess - ok
23:04:56.0747 0x0b40 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:04:56.0778 0x0b40 RemoteRegistry - ok
23:04:56.0809 0x0b40 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:04:56.0840 0x0b40 RFCOMM - ok
23:04:56.0840 0x0b40 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:04:56.0871 0x0b40 RpcEptMapper - ok
23:04:56.0887 0x0b40 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
23:04:56.0903 0x0b40 RpcLocator - ok
23:04:56.0934 0x0b40 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
23:04:56.0965 0x0b40 RpcSs - ok
23:04:56.0996 0x0b40 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:04:57.0043 0x0b40 rspndr - ok
23:04:57.0090 0x0b40 [ 135A64530D7699AD48F29D73A658DD11, 35838AE8ACFD9047C68DD0C8910557A82998E5CD778D5B98D4767AFA4BCE85BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
23:04:57.0105 0x0b40 RSUSBSTOR - ok
23:04:57.0137 0x0b40 [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:04:57.0168 0x0b40 RTL8167 - ok
23:04:57.0199 0x0b40 [ A29F3787FEA005C8355F62321BE9E065, A1BE2758EE21CBFB00E6F32D3C62323D890BD9AD177E880390CFAD9F5326A9B3 ] rusb3hub C:\Windows\system32\DRIVERS\rusb3hub.sys
23:04:57.0215 0x0b40 rusb3hub - ok
23:04:57.0230 0x0b40 [ 0FE1DB20DA9863CD5B397717FF07738B, 3BCA3269A6ECA501508F2BAC56DB9C0B2DAD3DDA853C5FB168E4C628A94E1C83 ] rusb3xhc C:\Windows\system32\DRIVERS\rusb3xhc.sys
23:04:57.0246 0x0b40 rusb3xhc - ok
23:04:57.0277 0x0b40 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:04:57.0293 0x0b40 s3cap - ok
23:04:57.0308 0x0b40 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe
23:04:57.0324 0x0b40 SamSs - ok
23:04:57.0433 0x0b40 [ F22189298ABFC75F2A2D87BCCD3CA092, 8408FBC2C05A437F4382C3D9822E857E660C7656F2B10C4A5FC4802FE4721B2F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
23:04:57.0449 0x0b40 SbieDrv - ok
23:04:57.0511 0x0b40 [ 53A64997DEC2AA75C611B376E5A9D03F, 1BE87A3F148EBCBB7311D5BFD4C616E000C4CD4335C8A69966161EDA47FBE1C6 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
23:04:57.0527 0x0b40 SbieSvc - ok
23:04:57.0542 0x0b40 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:04:57.0558 0x0b40 sbp2port - ok
23:04:57.0605 0x0b40 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:04:57.0651 0x0b40 SCardSvr - ok
23:04:57.0683 0x0b40 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:04:57.0714 0x0b40 scfilter - ok
23:04:57.0761 0x0b40 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
23:04:57.0823 0x0b40 Schedule - ok
23:04:57.0854 0x0b40 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:04:57.0885 0x0b40 SCPolicySvc - ok
23:04:57.0901 0x0b40 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:04:57.0917 0x0b40 SDRSVC - ok
23:04:57.0948 0x0b40 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:04:57.0979 0x0b40 secdrv - ok
23:04:57.0995 0x0b40 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
23:04:58.0026 0x0b40 seclogon - ok
23:04:58.0041 0x0b40 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
23:04:58.0073 0x0b40 SENS - ok
23:04:58.0088 0x0b40 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:04:58.0104 0x0b40 SensrSvc - ok
23:04:58.0166 0x0b40 [ D666EBEC6374B2018CF61EE204C3CF50, 4BA0C0370F0C13AADBAE9724660F13210554B0B84C405494521502C2F6DEF27E ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
23:04:58.0182 0x0b40 Ser2pl - ok
23:04:58.0197 0x0b40 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:04:58.0213 0x0b40 Serenum - ok
23:04:58.0244 0x0b40 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
23:04:58.0275 0x0b40 Serial - ok
23:04:58.0275 0x0b40 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:04:58.0291 0x0b40 sermouse - ok
23:04:58.0322 0x0b40 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
23:04:58.0353 0x0b40 SessionEnv - ok
23:04:58.0369 0x0b40 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:04:58.0385 0x0b40 sffdisk - ok
23:04:58.0385 0x0b40 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:04:58.0416 0x0b40 sffp_mmc - ok
23:04:58.0416 0x0b40 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:04:58.0431 0x0b40 sffp_sd - ok
23:04:58.0447 0x0b40 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:04:58.0463 0x0b40 sfloppy - ok
23:04:58.0494 0x0b40 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:04:58.0525 0x0b40 SharedAccess - ok
23:04:58.0556 0x0b40 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:04:58.0603 0x0b40 ShellHWDetection - ok
23:04:58.0619 0x0b40 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:04:58.0634 0x0b40 SiSRaid2 - ok
23:04:58.0650 0x0b40 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:04:58.0665 0x0b40 SiSRaid4 - ok
23:04:58.0759 0x0b40 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:04:58.0790 0x0b40 SkypeUpdate - ok
23:04:58.0806 0x0b40 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:04:58.0837 0x0b40 Smb - ok
23:04:58.0853 0x0b40 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:04:58.0868 0x0b40 SNMPTRAP - ok
23:04:58.0884 0x0b40 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
23:04:58.0899 0x0b40 spldr - ok
23:04:58.0931 0x0b40 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
23:04:58.0962 0x0b40 Spooler - ok
23:04:59.0055 0x0b40 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
23:04:59.0165 0x0b40 sppsvc - ok
23:04:59.0165 0x0b40 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:04:59.0211 0x0b40 sppuinotify - ok
23:04:59.0227 0x0b40 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:04:59.0258 0x0b40 srv - ok
23:04:59.0274 0x0b40 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:04:59.0305 0x0b40 srv2 - ok
23:04:59.0321 0x0b40 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:04:59.0336 0x0b40 srvnet - ok
23:04:59.0367 0x0b40 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:04:59.0399 0x0b40 SSDPSRV - ok
23:04:59.0414 0x0b40 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:04:59.0461 0x0b40 SstpSvc - ok
23:04:59.0523 0x0b40 [ 92E7F6666633D2DD91D527503DAA7BE0, E97C7FFCAF2C7A83B270B6C797A91C2731FEA26874FE1E59B4CB55D5D98744BB ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
23:04:59.0539 0x0b40 stdcfltn - ok
23:04:59.0570 0x0b40 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:04:59.0586 0x0b40 stexstor - ok
23:04:59.0617 0x0b40 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
23:04:59.0648 0x0b40 stisvc - ok
23:04:59.0664 0x0b40 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:04:59.0679 0x0b40 storflt - ok
23:04:59.0695 0x0b40 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
23:04:59.0726 0x0b40 StorSvc - ok
23:04:59.0742 0x0b40 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:04:59.0757 0x0b40 storvsc - ok
23:04:59.0757 0x0b40 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:04:59.0773 0x0b40 swenum - ok
23:04:59.0804 0x0b40 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
23:04:59.0851 0x0b40 swprv - ok
23:04:59.0929 0x0b40 [ 09E811486038F1C06F9E00DFFAAB7A4E, B0D983659CFBD89DA2821171414EB2D9604E02E97AAB4798D64A0FF4E8A3EAB2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:04:59.0991 0x0b40 SynTP - ok
23:05:00.0054 0x0b40 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
23:05:00.0116 0x0b40 SysMain - ok
23:05:00.0132 0x0b40 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:05:00.0147 0x0b40 TabletInputService - ok
23:05:00.0210 0x0b40 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
23:05:00.0225 0x0b40 tap0901 - ok
23:05:00.0241 0x0b40 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
23:05:00.0272 0x0b40 TapiSrv - ok
23:05:00.0288 0x0b40 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
23:05:00.0319 0x0b40 TBS - ok
23:05:00.0381 0x0b40 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:05:00.0459 0x0b40 Tcpip - ok
23:05:00.0537 0x0b40 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:05:00.0584 0x0b40 TCPIP6 - ok
23:05:00.0600 0x0b40 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:05:00.0631 0x0b40 tcpipreg - ok
23:05:00.0647 0x0b40 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:05:00.0662 0x0b40 TDPIPE - ok
23:05:00.0678 0x0b40 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:05:00.0678 0x0b40 TDTCP - ok
23:05:00.0740 0x0b40 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:05:00.0756 0x0b40 tdx - ok
23:05:00.0771 0x0b40 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:05:00.0787 0x0b40 TermDD - ok
23:05:00.0834 0x0b40 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
23:05:00.0865 0x0b40 TermService - ok
23:05:00.0881 0x0b40 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
23:05:00.0912 0x0b40 Themes - ok
23:05:00.0927 0x0b40 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
23:05:00.0959 0x0b40 THREADORDER - ok
23:05:00.0974 0x0b40 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
23:05:01.0005 0x0b40 TrkWks - ok
23:05:01.0037 0x0b40 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:05:01.0068 0x0b40 TrustedInstaller - ok
23:05:01.0130 0x0b40 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:01.0146 0x0b40 tssecsrv - ok
23:05:01.0177 0x0b40 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:05:01.0193 0x0b40 TsUsbFlt - ok
23:05:01.0224 0x0b40 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:05:01.0239 0x0b40 TsUsbGD - ok
23:05:01.0286 0x0b40 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:05:01.0317 0x0b40 tunnel - ok
23:05:01.0333 0x0b40 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:05:01.0349 0x0b40 uagp35 - ok
23:05:01.0364 0x0b40 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:05:01.0411 0x0b40 udfs - ok
23:05:01.0427 0x0b40 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:05:01.0442 0x0b40 UI0Detect - ok
23:05:01.0458 0x0b40 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:05:01.0458 0x0b40 uliagpkx - ok
23:05:01.0473 0x0b40 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:05:01.0505 0x0b40 umbus - ok
23:05:01.0536 0x0b40 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
23:05:01.0551 0x0b40 UmPass - ok
23:05:01.0567 0x0b40 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
23:05:01.0598 0x0b40 UmRdpService - ok
23:05:01.0754 0x0b40 [ 2C16648A12999AE69A9EBF41974B0BA2, 06008F61B6EC36CD34CB8C4BA983371DB7A9F4BEE15E5329F5E90FEEE300D258 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:05:01.0817 0x0b40 UNS - ok
23:05:01.0863 0x0b40 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
23:05:01.0895 0x0b40 upnphost - ok
23:05:01.0926 0x0b40 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:01.0941 0x0b40 usbccgp - ok
23:05:01.0973 0x0b40 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:05:01.0988 0x0b40 usbcir - ok
23:05:02.0004 0x0b40 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:05:02.0019 0x0b40 usbehci - ok
23:05:02.0051 0x0b40 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:05:02.0066 0x0b40 usbhub - ok
23:05:02.0097 0x0b40 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:05:02.0113 0x0b40 usbohci - ok
23:05:02.0129 0x0b40 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:05:02.0144 0x0b40 usbprint - ok
23:05:02.0175 0x0b40 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:05:02.0191 0x0b40 usbscan - ok
23:05:02.0238 0x0b40 [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
23:05:02.0253 0x0b40 usbser - ok
23:05:02.0285 0x0b40 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:05:02.0300 0x0b40 USBSTOR - ok
23:05:02.0316 0x0b40 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:05:02.0331 0x0b40 usbuhci - ok
23:05:02.0363 0x0b40 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:05:02.0378 0x0b40 usbvideo - ok
23:05:02.0409 0x0b40 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
23:05:02.0441 0x0b40 usb_rndisx - ok
23:05:02.0472 0x0b40 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
23:05:02.0503 0x0b40 UxSms - ok
23:05:02.0519 0x0b40 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe
23:05:02.0519 0x0b40 VaultSvc - ok
23:05:02.0597 0x0b40 [ 2BE85EECCC3F537C685ACF0FC4D5341C, 13FB079C220D6EB29515ED293C97DAAA6CE364C00B67B2D2251E742412DCEFAD ] VC10SecS C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe
23:05:02.0597 0x0b40 VC10SecS - ok
23:05:02.0659 0x0b40 [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6, E0869E4E9271B484209BB44E6E17D99BE6CEA08A983132C0D69FA373202B14D7 ] vcd10bus C:\Windows\system32\DRIVERS\vcd10bus.sys
23:05:02.0675 0x0b40 vcd10bus - ok
23:05:02.0784 0x0b40 [ 20BF96C13DB4BA085D98F4700F3B05FE, B239CB072E7ADB784D094B439AF5390D370F799D2DF4CB4AB781AE00A6810BBC ] vcsFPService C:\Windows\system32\vcsFPService.exe
23:05:02.0893 0x0b40 vcsFPService - ok
23:05:02.0909 0x0b40 [ F0ECF990B3DE8842E948279AF31CC4E5, EF8C8D6F292A39914EDAB9BEF8E5243B60A7FAC48620D144A0F2079C852B3092 ] vdrv1000 C:\Windows\system32\DRIVERS\vdrv1000.sys
23:05:02.0924 0x0b40 vdrv1000 - ok
23:05:02.0971 0x0b40 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:05:02.0987 0x0b40 vdrvroot - ok
23:05:03.0018 0x0b40 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
23:05:03.0080 0x0b40 vds - ok
23:05:03.0111 0x0b40 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:03.0127 0x0b40 vga - ok
23:05:03.0143 0x0b40 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:05:03.0174 0x0b40 VgaSave - ok
23:05:03.0189 0x0b40 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:05:03.0205 0x0b40 vhdmp - ok
23:05:03.0221 0x0b40 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
23:05:03.0236 0x0b40 viaide - ok
23:05:03.0267 0x0b40 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:05:03.0283 0x0b40 vmbus - ok
23:05:03.0299 0x0b40 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:05:03.0314 0x0b40 VMBusHID - ok
23:05:03.0330 0x0b40 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:05:03.0345 0x0b40 volmgr - ok
23:05:03.0361 0x0b40 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:05:03.0392 0x0b40 volmgrx - ok
23:05:03.0408 0x0b40 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:05:03.0423 0x0b40 volsnap - ok
23:05:03.0455 0x0b40 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:05:03.0470 0x0b40 vsmraid - ok
23:05:03.0533 0x0b40 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
23:05:03.0611 0x0b40 VSS - ok
23:05:03.0626 0x0b40 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:05:03.0657 0x0b40 vwifibus - ok
23:05:03.0673 0x0b40 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:05:03.0704 0x0b40 vwififlt - ok
23:05:03.0720 0x0b40 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:05:03.0735 0x0b40 vwifimp - ok
23:05:03.0751 0x0b40 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
23:05:03.0798 0x0b40 W32Time - ok
23:05:03.0845 0x0b40 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:05:03.0876 0x0b40 WacomPen - ok
23:05:03.0907 0x0b40 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:05:03.0954 0x0b40 WANARP - ok
23:05:03.0969 0x0b40 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:05:04.0001 0x0b40 Wanarpv6 - ok
23:05:04.0094 0x0b40 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:05:04.0157 0x0b40 WatAdminSvc - ok
23:05:04.0219 0x0b40 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
23:05:04.0297 0x0b40 wbengine - ok
23:05:04.0328 0x0b40 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:05:04.0344 0x0b40 WbioSrvc - ok
23:05:04.0359 0x0b40 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:05:04.0391 0x0b40 wcncsvc - ok
23:05:04.0406 0x0b40 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:05:04.0422 0x0b40 WcsPlugInService - ok
23:05:04.0453 0x0b40 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
23:05:04.0469 0x0b40 Wd - ok
23:05:04.0515 0x0b40 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:05:04.0562 0x0b40 Wdf01000 - ok
23:05:04.0593 0x0b40 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:05:04.0625 0x0b40 WdiServiceHost - ok
23:05:04.0625 0x0b40 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:05:04.0640 0x0b40 WdiSystemHost - ok
23:05:04.0656 0x0b40 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
23:05:04.0671 0x0b40 WebClient - ok
23:05:04.0703 0x0b40 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:05:04.0734 0x0b40 Wecsvc - ok
23:05:04.0749 0x0b40 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:05:04.0781 0x0b40 wercplsupport - ok
23:05:04.0796 0x0b40 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
23:05:04.0843 0x0b40 WerSvc - ok
23:05:04.0874 0x0b40 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:05:04.0905 0x0b40 WfpLwf - ok
23:05:04.0905 0x0b40 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:05:04.0921 0x0b40 WIMMount - ok
23:05:04.0937 0x0b40 WinDefend - ok
23:05:04.0968 0x0b40 WinHttpAutoProxySvc - ok
23:05:05.0015 0x0b40 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:05:05.0061 0x0b40 Winmgmt - ok
23:05:05.0124 0x0b40 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
23:05:05.0202 0x0b40 WinRM - ok
23:05:05.0233 0x0b40 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
23:05:05.0249 0x0b40 WinUSB - ok
23:05:05.0280 0x0b40 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:05:05.0327 0x0b40 Wlansvc - ok
23:05:05.0342 0x0b40 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:05:05.0358 0x0b40 WmiAcpi - ok
23:05:05.0389 0x0b40 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:05:05.0405 0x0b40 wmiApSrv - ok
23:05:05.0436 0x0b40 WMPNetworkSvc - ok
23:05:05.0436 0x0b40 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:05:05.0467 0x0b40 WPCSvc - ok
23:05:05.0483 0x0b40 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:05:05.0498 0x0b40 WPDBusEnum - ok
23:05:05.0514 0x0b40 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:05:05.0545 0x0b40 ws2ifsl - ok
23:05:05.0545 0x0b40 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
23:05:05.0576 0x0b40 wscsvc - ok
23:05:05.0592 0x0b40 WSearch - ok
23:05:05.0670 0x0b40 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
23:05:05.0763 0x0b40 wuauserv - ok
23:05:05.0795 0x0b40 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:05:05.0826 0x0b40 WudfPf - ok
23:05:05.0841 0x0b40 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:05:05.0873 0x0b40 WUDFRd - ok
23:05:05.0919 0x0b40 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:05:05.0935 0x0b40 wudfsvc - ok
23:05:05.0966 0x0b40 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:05:05.0982 0x0b40 WwanSvc - ok
23:05:06.0029 0x0b40 [ 40826B3282E5D17A32695ABC7F55B129, BBDC08987A4F80CC29540DAFF75E784EC4B5D4CF80114BAC747B4223B44716FA ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:05:06.0060 0x0b40 ZTEusbmdm6k - ok
23:05:06.0091 0x0b40 [ 2027F0FB014474FA494C3A28D87BD836, 6DF3FFE4430FC90C4DB07F306B2B81D568DEA9F47BE0A5A77FDE5D941E9D9A19 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
23:05:06.0122 0x0b40 ZTEusbnet - ok
23:05:06.0122 0x0b40 [ 40826B3282E5D17A32695ABC7F55B129, BBDC08987A4F80CC29540DAFF75E784EC4B5D4CF80114BAC747B4223B44716FA ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:05:06.0153 0x0b40 ZTEusbnmea - ok
23:05:06.0185 0x0b40 [ 40826B3282E5D17A32695ABC7F55B129, BBDC08987A4F80CC29540DAFF75E784EC4B5D4CF80114BAC747B4223B44716FA ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:05:06.0200 0x0b40 ZTEusbser6k - ok
23:05:06.0216 0x0b40 [ 40826B3282E5D17A32695ABC7F55B129, BBDC08987A4F80CC29540DAFF75E784EC4B5D4CF80114BAC747B4223B44716FA ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
23:05:06.0231 0x0b40 ZTEusbvoice - ok
23:05:06.0298 0x0b40 ================ Scan global ===============================
23:05:06.0318 0x0b40 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:05:06.0338 0x0b40 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:05:06.0348 0x0b40 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:05:06.0368 0x0b40 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:05:06.0384 0x0b40 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:05:06.0399 0x0b40 [ Global ] - ok
23:05:06.0399 0x0b40 ================ Scan MBR ==================================
23:05:06.0415 0x0b40 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:05:06.0789 0x0b40 \Device\Harddisk0\DR0 - ok
23:05:06.0789 0x0b40 ================ Scan VBR ==================================
23:05:06.0821 0x0b40 [ 43046CE01CAFD953AAE20D679F4F10EE ] \Device\Harddisk0\DR0\Partition1
23:05:06.0821 0x0b40 \Device\Harddisk0\DR0\Partition1 - ok
23:05:06.0821 0x0b40 ================ Scan generic autorun ======================
23:05:06.0852 0x0b40 [ 77B4FE8D1D2576E9F81E9187A710362D, 15B77D074D67026BA34288C019C054653D500590CE7A4ADA119AE0114E170150 ] C:\Windows\system32\igfxtray.exe
23:05:06.0867 0x0b40 IgfxTray - ok
23:05:06.0883 0x0b40 [ F408E022E4B79EA9BF19886E70EBCAE2, B4880743CE2453E63C145C5FC363EEC4BB9C7AAEC584BA98BE82D7954473A4F9 ] C:\Windows\system32\hkcmd.exe
23:05:06.0899 0x0b40 HotKeysCmds - ok
23:05:06.0930 0x0b40 [ FFB727DEF1DC9194CE0772B24960F0A2, 9B5A77E80EEDD7DFD1B34DD1AA186B93FFB5B95E00C3232071C0EBDA1B4E7DF4 ] C:\Windows\system32\igfxpers.exe
23:05:06.0945 0x0b40 Persistence - ok
23:05:06.0992 0x0b40 [ E1056FAD529FA3B84BFB27E9870EC037, 3358455E2CC954EB354AFF39663F7874676A68109BC00B653B0A18FC10E1F584 ] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
23:05:07.0008 0x0b40 AtherosBtStack - detected UnsignedFile.Multi.Generic ( 1 )
23:05:09.0426 0x0b40 Detect skipped due to KSN trusted
23:05:09.0426 0x0b40 AtherosBtStack - ok
23:05:09.0504 0x0b40 [ 049165B475B9E49F97ED7D66B0639B30, F194C75E7137DE3E784264E58A6C009B8606B6E62F4A1C8A072FD77EFD24A945 ] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
23:05:09.0535 0x0b40 AthBtTray - detected UnsignedFile.Multi.Generic ( 1 )
23:05:12.0000 0x0b40 Detect skipped due to KSN trusted
23:05:12.0000 0x0b40 AthBtTray - ok
23:05:12.0249 0x0b40 [ 2C3FB0759319FE11AC5940E8C2F037CE, 8C44CFD0E47207D62B3746438280A648BAD7A0779AEE6E73E6EFDD213BD51F63 ] C:\Program Files\Dell\QuickSet\QuickSet.exe
23:05:12.0405 0x0b40 QuickSet - detected UnsignedFile.Multi.Generic ( 1 )
23:05:15.0182 0x0b40 Detect skipped due to KSN trusted
23:05:15.0182 0x0b40 QuickSet - ok
23:05:15.0416 0x0b40 [ 8D9818AA1621B947776BC7D224EFC4A2, 4D38A2BE4D8D832CA8624DE747D4FDD2F9FCCCF0A934F56FBD0ACEE640484432 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
23:05:15.0635 0x0b40 RTHDVCPL - ok
23:05:15.0650 0x0b40 SynTPEnh - ok
23:05:15.0728 0x0b40 [ ECF2A81F3D0F80F2D1842A4898C71DE5, 93F3F4B4A37B9D0C668AD5F006EE50C47F639B0D3549E50184622408564921C6 ] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
23:05:15.0744 0x0b40 FreeFallProtection - ok
23:05:15.0791 0x0b40 [ 4A73AB8412D3AA6CFAD24051FF9DBFA7, 7C1F6BDECE92F2A58E88FC603F1BEE9B0F72130136AE9A368892323A9A327FD1 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
23:05:15.0806 0x0b40 IAStorIcon - ok
23:05:15.0853 0x0b40 [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
23:05:15.0853 0x0b40 BCSSync - ok
23:05:15.0900 0x0b40 [ 0F06EFD68B019087E50C7016943DAD9E, 384F4C83AA4245B7A57817218432D264D8E727EBF0A2526F021C3C29AC1999DA ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
23:05:15.0931 0x0b40 Dell Webcam Central - detected UnsignedFile.Multi.Generic ( 1 )
23:05:18.0365 0x0b40 Detect skipped due to KSN trusted
23:05:18.0365 0x0b40 Dell Webcam Central - ok
23:05:18.0443 0x0b40 [ 9D51EA92A612B37E76E5E4621650C50A, 00BD61C8527A80C0F684882379A0AC2E5A54E8BBECC797087B960CDC8454C373 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
23:05:18.0443 0x0b40 NUSB3MON - ok
23:05:18.0521 0x0b40 [ 24DDB29F95FF37E76A8D07856540DADC, 29F0380BD8154CB94009682A674ED8E0E4F7D683706F6C5C4AD8AE9FEB0D05F9 ] C:\Program Files (x86)\RFG\Brmfcmon\BrMfcWnd.exe
23:05:18.0567 0x0b40 BrMfcWnd - detected UnsignedFile.Multi.Generic ( 1 )
23:05:21.0001 0x0b40 Detect skipped due to KSN trusted
23:05:21.0001 0x0b40 BrMfcWnd - ok
23:05:21.0048 0x0b40 [ 4DE3EF07E0854547309C6B40235A9D44, F73D8E6D98583865D1C8DB728058D83C72A3908E21E04EF313FCB829C040A1EC ] C:\Program Files (x86)\RFG\ControlCenter3\brctrcen.exe
23:05:21.0063 0x0b40 ControlCenter3 - detected UnsignedFile.Multi.Generic ( 1 )
23:05:23.0544 0x0b40 Detect skipped due to KSN trusted
23:05:23.0544 0x0b40 ControlCenter3 - ok
23:05:23.0622 0x0b40 [ 0C944B589C7959F4F271F833D8B1489A, BB15DEDE6C8C280B7A4C14FD03C5BB9B040FEFFE0F06830B126952CF265E1FE9 ] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe
23:05:23.0637 0x0b40 VC10Player - ok
23:05:23.0715 0x0b40 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:05:23.0731 0x0b40 Adobe ARM - ok
23:05:23.0793 0x0b40 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:05:23.0825 0x0b40 Sidebar - ok
23:05:23.0856 0x0b40 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:05:23.0871 0x0b40 mctadmin - ok
23:05:23.0903 0x0b40 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:05:23.0934 0x0b40 Sidebar - ok
23:05:23.0949 0x0b40 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:05:23.0965 0x0b40 mctadmin - ok
23:05:24.0074 0x0b40 [ 795579AEE31744DC18E475AAC06561EF, FFCFA47F29AB0DF4D23AA6490DEC8B6E6E1B10CB88133C3A138044E8116819D5 ] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
23:05:24.0105 0x0b40 Copernic Desktop Search - Home - ok
23:05:24.0183 0x0b40 [ 55F751FD10B5CE32FD44BD658438A0AE, 26FAE4ADA494D28872EA4323B53FCC590C7126C5348B893665FEA4714894CBF2 ] C:\Program Files\Sandboxie\SbieCtrl.exe
23:05:24.0199 0x0b40 SandboxieControl - ok
23:05:24.0339 0x0b40 [ F17C9D9A94B5A0CB31EF8E61150D9E36, FA80EDD1B1C44E323D600F96F8893D6139373C57464905551D2900AE7FC39732 ] C:\Users\Supidup\AppData\Local\Apps\2.0\HHBC2GCD.PRL\3MN87EL1.5GL\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
23:05:24.0355 0x0b40 DellSystemDetect - detected UnsignedFile.Multi.Generic ( 1 )
23:05:26.0773 0x0b40 Detect skipped due to KSN trusted
23:05:26.0773 0x0b40 DellSystemDetect - ok
23:05:27.0023 0x0b40 [ 2EC58592401DF51E46BF79523A5E35F2, 2B3CFC4FD12D2C1DF33E7F815F4453FDBDF4C6672BFE32D038CED0F16398EB46 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe
23:05:27.0054 0x0b40 FlashPlayerUpdate - ok
23:05:27.0054 0x0b40 Waiting for KSN requests completion. In queue: 9
23:05:28.0068 0x0b40 Waiting for KSN requests completion. In queue: 9
23:05:29.0082 0x0b40 Waiting for KSN requests completion. In queue: 9
23:05:30.0096 0x0b40 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.644 ), 0x40000 ( disabled : updated )
23:05:30.0111 0x0b40 Win FW state via NFP2: enabled
23:05:44.0637 0x0b40 ============================================================
23:05:44.0637 0x0b40 Scan finished
23:05:44.0637 0x0b40 ============================================================
23:05:44.0637 0x0e2c Detected object count: 0
23:05:44.0637 0x0e2c Actual detected object count: 0

schrauber 16.03.2015 11:42
Sieht gut aus. Kommen noch Funde von deinem AV und MBAM?

Areuka 16.03.2015 16:40
Uffz, dann ist's ja wohl grad noch mal gutgegangen (hoffentlich).

Ich werde MBAM und Avira nochmal komplett laufen lassen. Dauert allerdings etwas, beim letzten Mal hat Avira rund 20h gebraucht (von Rescue CD gestartet). Ich melde mich dann wieder und poste die neuen Logs.

schrauber 17.03.2015 07:27
ok :)

Areuka 17.03.2015 07:54
So, MBAM und Avira haben gescannt (Avira normal gestartet, nicht von Rescue CD, dafür aber mit so ziemlich allen Optionen aktiviert). MBAM scheint ok zu sein.

Avira sagt, daß es was gefunden hätte. Soweit ich sehe, betrifft das aber nur Android-Recovery-Images und andere Android-Betriebssystemdateien (hab ein chinesisches Smartphone). Selbst wenn das wirklich Viren/Trojaner sind und kein Fehlalarm, dann können die doch meinem Windows-Rechnier nicht infiziert haben, oder? Ich meine mal gelesen zu haben, daß Viren betriebssystemspezifisch sind, stimmt das noch?

Dieselben Files hatte Avira schon mal moniert und umbenannt. Deshalb hab ich sie erstmal nicht in Quarantäne verschieben lassen, vielleicht brauch ich sie ja noch. Auf dem Smartphone sind keine sensiblen Daten, deshalb ist das nicht wild.

Bitte schau noch mal drüber, falls ich was übersehen / falsch verstanden hab. Danke!

Hier die Logs:

#Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.03.2015
Suchlauf-Zeit: 16:36:35
Logdatei: mbam-log-2015-03-16.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.16.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Supidup

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 348929
Verstrichene Zeit: 24 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

#

Antivirus Pro
Report file date: Montag, 16. März 2015 16:45


The program is running as an unrestricted full version.
Online services are available.

Licensee : Sabine Muenzer
Serial number : 2222184629-PEPWE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Supidup
Computer name : SUPIDUP-PC

Version information:
BUILD.DAT : 15.0.8.644 94169 Bytes 24.02.2015 09:56:00
AVSCAN.EXE : 15.0.8.644 1015032 Bytes 03.03.2015 09:58:41
AVSCANRC.DLL : 15.0.8.480 55544 Bytes 03.03.2015 09:58:41
LUKE.DLL : 15.0.8.644 60664 Bytes 03.03.2015 09:58:58
AVSCPLR.DLL : 15.0.8.538 93488 Bytes 03.03.2015 09:58:41
REPAIR.DLL : 15.0.8.644 366328 Bytes 03.03.2015 09:58:40
REPAIR.RDF : 1.0.6.42 800826 Bytes 16.03.2015 15:33:03
AVREG.DLL : 15.0.8.644 265464 Bytes 03.03.2015 09:58:39
AVLODE.DLL : 15.0.8.644 645368 Bytes 03.03.2015 09:58:37
AVLODE.RDF : 14.0.4.54 78895 Bytes 15.12.2014 10:24:21
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 08:30:21
XBV00142.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:38
XBV00143.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:38
XBV00144.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:38
XBV00145.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:38
XBV00146.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00147.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00148.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00149.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00150.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00151.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00152.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00153.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00154.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00155.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00156.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00157.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00158.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00159.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00160.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00161.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00162.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:39
XBV00163.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00164.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00165.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00166.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00167.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00168.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00169.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00170.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00171.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00172.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00173.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00174.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00175.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00176.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00177.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00178.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:40
XBV00179.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00180.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00181.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00182.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00183.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00184.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00185.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00186.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00187.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00188.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00189.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00190.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00191.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00192.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00193.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00194.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00195.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00196.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:41
XBV00197.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00198.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00199.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00200.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00201.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00202.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00203.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00204.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00205.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00206.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00207.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00208.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00209.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00210.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00211.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00212.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00213.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00214.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:42
XBV00215.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00216.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00217.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00218.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00219.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00220.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00221.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00222.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00223.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00224.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00225.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00226.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00227.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00228.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00229.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00230.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00231.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00232.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:43
XBV00233.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00234.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00235.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00236.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00237.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00238.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00239.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00240.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00241.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00242.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00243.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00244.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00245.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00246.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00247.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00248.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00249.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00250.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:44
XBV00251.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:45
XBV00252.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:45
XBV00253.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:45
XBV00254.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:45
XBV00255.VDF : 8.11.213.176 2048 Bytes 05.03.2015 11:58:45
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 08:30:21
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 08:30:21
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 08:30:21
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 08:30:21
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 08:30:21
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 08:30:21
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 08:30:21
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 08:30:21
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 08:30:21
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 09:45:15
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 11:03:15
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 12:15:14
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 10:24:24
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 12:33:28
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 13:09:14
XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 23:58:28
XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 11:58:33
XBV00042.VDF : 8.11.213.202 3584 Bytes 05.03.2015 11:58:33
XBV00043.VDF : 8.11.213.204 2048 Bytes 05.03.2015 11:58:33
XBV00044.VDF : 8.11.213.230 40960 Bytes 05.03.2015 13:58:31
XBV00045.VDF : 8.11.214.2 29184 Bytes 05.03.2015 23:27:44
XBV00046.VDF : 8.11.214.28 25088 Bytes 05.03.2015 01:27:24
XBV00047.VDF : 8.11.214.30 14848 Bytes 05.03.2015 01:27:24
XBV00048.VDF : 8.11.214.32 3072 Bytes 05.03.2015 01:27:24
XBV00049.VDF : 8.11.214.34 2048 Bytes 06.03.2015 01:27:24
XBV00050.VDF : 8.11.214.38 39424 Bytes 06.03.2015 07:27:16
XBV00051.VDF : 8.11.214.40 6656 Bytes 06.03.2015 09:27:21
XBV00052.VDF : 8.11.214.42 4608 Bytes 06.03.2015 09:27:21
XBV00053.VDF : 8.11.214.44 5120 Bytes 06.03.2015 13:52:45
XBV00054.VDF : 8.11.214.46 23552 Bytes 06.03.2015 13:52:45
XBV00055.VDF : 8.11.214.48 3072 Bytes 06.03.2015 13:52:45
XBV00056.VDF : 8.11.214.50 25600 Bytes 06.03.2015 13:52:45
XBV00057.VDF : 8.11.214.72 2048 Bytes 06.03.2015 13:52:45
XBV00058.VDF : 8.11.214.92 48128 Bytes 06.03.2015 17:52:24
XBV00059.VDF : 8.11.214.112 12800 Bytes 06.03.2015 19:52:25
XBV00060.VDF : 8.11.214.114 2560 Bytes 06.03.2015 19:52:25
XBV00061.VDF : 8.11.214.136 32256 Bytes 06.03.2015 01:52:48
XBV00062.VDF : 8.11.214.138 2048 Bytes 06.03.2015 01:52:48
XBV00063.VDF : 8.11.214.140 2048 Bytes 07.03.2015 01:52:48
XBV00064.VDF : 8.11.214.144 34304 Bytes 07.03.2015 11:52:32
XBV00065.VDF : 8.11.214.146 2048 Bytes 07.03.2015 11:52:32
XBV00066.VDF : 8.11.214.168 33792 Bytes 07.03.2015 15:52:32
XBV00067.VDF : 8.11.214.188 71168 Bytes 08.03.2015 13:52:35
XBV00068.VDF : 8.11.214.190 2048 Bytes 08.03.2015 13:52:35
XBV00069.VDF : 8.11.214.192 2048 Bytes 08.03.2015 13:52:35
XBV00070.VDF : 8.11.214.212 2048 Bytes 08.03.2015 13:52:35
XBV00071.VDF : 8.11.214.232 28672 Bytes 08.03.2015 15:52:34
XBV00072.VDF : 8.11.214.252 69120 Bytes 09.03.2015 07:52:38
XBV00073.VDF : 8.11.215.14 3584 Bytes 09.03.2015 07:52:38
XBV00074.VDF : 8.11.215.32 7168 Bytes 09.03.2015 09:52:36
XBV00075.VDF : 8.11.215.50 12800 Bytes 09.03.2015 13:52:36
XBV00076.VDF : 8.11.215.52 5120 Bytes 09.03.2015 13:52:36
XBV00077.VDF : 8.11.215.70 17920 Bytes 09.03.2015 15:52:38
XBV00078.VDF : 8.11.215.90 2048 Bytes 09.03.2015 15:52:38
XBV00079.VDF : 8.11.215.110 2048 Bytes 09.03.2015 15:52:38
XBV00080.VDF : 8.11.215.132 29696 Bytes 09.03.2015 21:52:39
XBV00081.VDF : 8.11.215.134 11264 Bytes 09.03.2015 01:52:42
XBV00082.VDF : 8.11.215.136 11264 Bytes 09.03.2015 01:52:42
XBV00083.VDF : 8.11.215.138 12288 Bytes 10.03.2015 07:52:40
XBV00084.VDF : 8.11.215.140 35840 Bytes 10.03.2015 07:52:40
XBV00085.VDF : 8.11.215.158 6144 Bytes 10.03.2015 09:52:39
XBV00086.VDF : 8.11.215.174 5632 Bytes 10.03.2015 09:52:39
XBV00087.VDF : 8.11.215.190 8704 Bytes 10.03.2015 09:52:39
XBV00088.VDF : 8.11.215.206 19968 Bytes 10.03.2015 11:52:42
XBV00089.VDF : 8.11.215.222 12800 Bytes 10.03.2015 13:52:40
XBV00090.VDF : 8.11.215.226 2048 Bytes 10.03.2015 13:52:40
XBV00091.VDF : 8.11.215.230 14336 Bytes 10.03.2015 15:52:40
XBV00092.VDF : 8.11.215.234 26112 Bytes 10.03.2015 21:52:42
XBV00093.VDF : 8.11.215.236 11776 Bytes 10.03.2015 23:52:42
XBV00094.VDF : 8.11.215.240 22016 Bytes 11.03.2015 07:53:00
XBV00095.VDF : 8.11.215.242 2048 Bytes 11.03.2015 07:53:00
XBV00096.VDF : 8.11.215.244 2048 Bytes 11.03.2015 07:53:00
XBV00097.VDF : 8.11.216.4 7680 Bytes 11.03.2015 11:53:00
XBV00098.VDF : 8.11.216.20 12800 Bytes 11.03.2015 11:53:00
XBV00099.VDF : 8.11.216.36 19968 Bytes 11.03.2015 13:52:59
XBV00100.VDF : 8.11.216.52 2560 Bytes 11.03.2015 15:52:59
XBV00101.VDF : 8.11.216.54 22016 Bytes 11.03.2015 17:52:59
XBV00102.VDF : 8.11.216.56 8192 Bytes 11.03.2015 19:53:01
XBV00103.VDF : 8.11.216.58 4608 Bytes 11.03.2015 23:53:01
XBV00104.VDF : 8.11.216.60 16896 Bytes 11.03.2015 23:53:01
XBV00105.VDF : 8.11.216.76 14336 Bytes 11.03.2015 23:53:01
XBV00106.VDF : 8.11.216.90 30208 Bytes 11.03.2015 23:53:01
XBV00107.VDF : 8.11.216.104 5632 Bytes 12.03.2015 01:53:05
XBV00108.VDF : 8.11.216.118 6656 Bytes 12.03.2015 07:53:03
XBV00109.VDF : 8.11.216.120 24576 Bytes 12.03.2015 07:53:03
XBV00110.VDF : 8.11.216.122 16896 Bytes 12.03.2015 05:53:08
XBV00111.VDF : 8.11.216.124 2048 Bytes 12.03.2015 05:53:08
XBV00112.VDF : 8.11.216.138 16896 Bytes 12.03.2015 05:53:08
XBV00113.VDF : 8.11.216.140 2048 Bytes 12.03.2015 05:53:08
XBV00114.VDF : 8.11.216.154 3584 Bytes 12.03.2015 05:53:08
XBV00115.VDF : 8.11.216.168 2048 Bytes 12.03.2015 05:53:08
XBV00116.VDF : 8.11.216.182 70144 Bytes 12.03.2015 05:53:08
XBV00117.VDF : 8.11.216.196 2048 Bytes 13.03.2015 05:53:08
XBV00118.VDF : 8.11.216.200 46080 Bytes 13.03.2015 05:53:09
XBV00119.VDF : 8.11.216.214 11776 Bytes 13.03.2015 09:53:06
XBV00120.VDF : 8.11.216.228 4096 Bytes 13.03.2015 09:53:06
XBV00121.VDF : 8.11.216.242 2560 Bytes 13.03.2015 11:53:08
XBV00122.VDF : 8.11.216.254 2560 Bytes 13.03.2015 11:53:08
XBV00123.VDF : 8.11.217.10 7680 Bytes 13.03.2015 15:03:57
XBV00124.VDF : 8.11.217.14 2048 Bytes 13.03.2015 15:03:57
XBV00125.VDF : 8.11.217.16 24576 Bytes 13.03.2015 15:03:57
XBV00126.VDF : 8.11.217.22 17408 Bytes 13.03.2015 15:03:57
XBV00127.VDF : 8.11.217.24 2048 Bytes 13.03.2015 15:03:57
XBV00128.VDF : 8.11.217.26 2048 Bytes 13.03.2015 15:03:57
XBV00129.VDF : 8.11.217.28 15872 Bytes 13.03.2015 15:03:58
XBV00130.VDF : 8.11.217.42 84480 Bytes 14.03.2015 15:03:58
XBV00131.VDF : 8.11.217.54 2048 Bytes 14.03.2015 15:03:58
XBV00132.VDF : 8.11.217.66 2048 Bytes 14.03.2015 15:03:58
XBV00133.VDF : 8.11.217.78 19456 Bytes 14.03.2015 15:03:58
XBV00134.VDF : 8.11.217.90 71680 Bytes 15.03.2015 12:13:14
XBV00135.VDF : 8.11.217.102 2048 Bytes 15.03.2015 12:13:14
XBV00136.VDF : 8.11.217.124 6656 Bytes 15.03.2015 14:13:12
XBV00137.VDF : 8.11.217.136 76800 Bytes 16.03.2015 07:33:10
XBV00138.VDF : 8.11.217.146 3584 Bytes 16.03.2015 09:33:01
XBV00139.VDF : 8.11.217.156 3584 Bytes 16.03.2015 09:33:01
XBV00140.VDF : 8.11.217.166 4096 Bytes 16.03.2015 11:33:02
XBV00141.VDF : 8.11.217.176 12288 Bytes 16.03.2015 11:33:02
LOCAL000.VDF : 8.11.217.176 124540416 Bytes 16.03.2015 11:33:15
Engine version : 8.3.30.0
AEVDF.DLL : 8.3.1.6 133992 Bytes 11.09.2014 23:45:26
AESCRIPT.DLL : 8.2.2.56 554920 Bytes 13.02.2015 09:09:59
AESCN.DLL : 8.3.2.2 139456 Bytes 15.08.2014 08:30:04
AESBX.DLL : 8.2.20.34 1615784 Bytes 04.03.2015 11:58:32
AERDL.DLL : 8.2.1.20 731040 Bytes 11.02.2015 15:09:46
AEPACK.DLL : 8.4.0.62 793456 Bytes 20.02.2015 17:41:50
AEOFFICE.DLL : 8.3.1.14 354216 Bytes 10.03.2015 11:52:41
AEMOBILE.DLL : 8.1.7.0 281456 Bytes 10.03.2015 11:52:42
AEHEUR.DLL : 8.1.4.1578 8137584 Bytes 06.03.2015 13:52:45
AEHELP.DLL : 8.3.1.0 278728 Bytes 15.08.2014 08:30:03
AEGEN.DLL : 8.1.7.40 456608 Bytes 19.12.2014 12:24:08
AEEXP.DLL : 8.4.2.70 255904 Bytes 06.02.2015 11:09:23
AEEMU.DLL : 8.1.3.4 399264 Bytes 15.08.2014 08:30:03
AEDROID.DLL : 8.4.3.116 1050536 Bytes 10.03.2015 11:52:42
AECORE.DLL : 8.3.4.0 243624 Bytes 16.12.2014 14:23:40
AEBB.DLL : 8.1.2.0 60448 Bytes 15.08.2014 08:30:03
AVWINLL.DLL : 15.0.8.644 25904 Bytes 03.03.2015 09:58:32
AVPREF.DLL : 15.0.8.644 52016 Bytes 03.03.2015 09:58:39
AVREP.DLL : 15.0.8.644 220464 Bytes 03.03.2015 09:58:40
AVARKT.DLL : 15.0.8.644 227120 Bytes 03.03.2015 09:58:33
AVEVTLOG.DLL : 15.0.8.644 184568 Bytes 03.03.2015 09:58:36
SQLITE3.DLL : 15.0.8.644 455472 Bytes 03.03.2015 09:59:03
AVSMTP.DLL : 15.0.8.644 78128 Bytes 03.03.2015 09:58:42
NETNT.DLL : 15.0.8.644 16120 Bytes 03.03.2015 09:58:58
RCIMAGE.DLL : 15.0.8.480 4889336 Bytes 03.03.2015 09:58:32
RCTEXT.DLL : 15.0.8.614 75056 Bytes 03.03.2015 09:58:32

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+SPR,

Start of the scan: Montag, 16. März 2015 16:45

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '108' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '31' Module(s) have been scanned
Scan process 'vcsFPService.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'spoolsv.exe' - '84' Module(s) have been scanned
Scan process 'DpHostW.exe' - '85' Module(s) have been scanned
Scan process 'sched.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'AERTSr64.exe' - '8' Module(s) have been scanned
Scan process 'agr64svc.exe' - '15' Module(s) have been scanned
Scan process 'avguard.exe' - '145' Module(s) have been scanned
Scan process 'Ath_CoexAgent.exe' - '40' Module(s) have been scanned
Scan process 'adminservice.exe' - '30' Module(s) have been scanned
Scan process 'dirmngr.exe' - '35' Module(s) have been scanned
Scan process 'taskhost.exe' - '69' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'Explorer.EXE' - '246' Module(s) have been scanned
Scan process 'igfxtray.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '54' Module(s) have been scanned
Scan process 'igfxpers.exe' - '38' Module(s) have been scanned
Scan process 'BtvStack.exe' - '82' Module(s) have been scanned
Scan process 'AthBtTray.exe' - '44' Module(s) have been scanned
Scan process 'quickset.exe' - '55' Module(s) have been scanned
Scan process 'RtkNGUI64.exe' - '46' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '64' Module(s) have been scanned
Scan process 'FF_Protection.exe' - '35' Module(s) have been scanned
Scan process 'DesktopSearchService.exe' - '81' Module(s) have been scanned
Scan process 'SbieCtrl.exe' - '45' Module(s) have been scanned
Scan process 'DellSystemDetect.exe' - '76' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '56' Module(s) have been scanned
Scan process 'WebcamDell2.exe' - '49' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '47' Module(s) have been scanned
Scan process 'VC10Play.exe' - '138' Module(s) have been scanned
Scan process 'brccMCtl.exe' - '78' Module(s) have been scanned
Scan process 'acrotray.exe' - '53' Module(s) have been scanned
Scan process 'BrMfcmon.exe' - '42' Module(s) have been scanned
Scan process 'rusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'avgnt.exe' - '111' Module(s) have been scanned
Scan process 'GD2NDKBB.exe' - '68' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'VC10Tray.exe' - '75' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'avmailc7.exe' - '37' Module(s) have been scanned
Scan process 'avwebg7.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '53' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '119' Module(s) have been scanned
Scan process 'firefox.exe' - '169' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'UNS.exe' - '45' Module(s) have been scanned
Scan process 'vc10fwd.exe' - '77' Module(s) have been scanned
Scan process 'OSPPSVC.EXE' - '32' Module(s) have been scanned
Scan process 'splwow64.exe' - '116' Module(s) have been scanned
Scan process 'EXCEL.EXE' - '86' Module(s) have been scanned
Scan process 'thunderbird.exe' - '147' Module(s) have been scanned
Scan process 'Acrobat.exe' - '101' Module(s) have been scanned
Scan process 'KeePass.exe' - '79' Module(s) have been scanned
Scan process 'Psp.exe' - '77' Module(s) have been scanned
Scan process 'mbam.exe' - '129' Module(s) have been scanned
Scan process 'mbamservice.exe' - '51' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '43' Module(s) have been scanned
Scan process 'avcenter.exe' - '157' Module(s) have been scanned
Scan process 'avscan.exe' - '120' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '37' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '78' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\drivers\beep.sys'
Signed -> 'C:\Windows\system32\ctfmon.exe'
Signed -> 'C:\Windows\system32\imm32.dll'
Signed -> 'C:\Windows\system32\dsound.dll'
Signed -> 'C:\Windows\system32\aclui.dll'
Signed -> 'C:\Windows\system32\msvcrt.dll'
Signed -> 'C:\Windows\system32\d3d9.dll'
Signed -> 'C:\Windows\system32\dnsapi.dll'
Signed -> 'C:\Windows\system32\mshtml.dll'
Signed -> 'C:\Windows\system32\regsvr32.exe'
Signed -> 'C:\Windows\system32\rundll32.exe'
Signed -> 'C:\Windows\system32\userinit.exe'
Signed -> 'C:\Windows\system32\reg.exe'
Signed -> 'C:\Windows\regedit.exe'
The system files were scanned ('34' files)

Starting to scan executable files (registry):
The registry was scanned ( '3549' files ).


Starting the file scan:

Begin scan in 'C:\'
[0] Archive type: RSRC
--> C:\dell\drivers\R291096\Win7\i386\WUDFUpdate_01007.dll
[1] Archive type: RSRC
--> C:\dell\drivers\R291096\WinXP\amd64\WUDFUpdate_01007.dll
[2] Archive type: RSRC
--> C:\dell\drivers\R291096\WinXP\i386\WUDFUpdate_01007.dll
[3] Archive type: RSRC
--> C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\nubia z7 mini root+recovery.rar.vir
[4] Archive type: RAR
--> towelroot v3.apk
[5] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\nubia z7 mini root+recovery.rar.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
--> C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[4] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
--> C:\Sabine\downloads\___Android-Streak\ADBDriver_v3_Google\usb_driver\amd64\WUDFUpdate_01007.dll
[4] Archive type: RSRC
--> C:\Sabine\downloads\___Android-Streak\ADBDriver_v3_Google\usb_driver\i386\WUDFUpdate_01007.dll
[5] Archive type: RSRC
--> C:\Sabine\downloads\___Gerätespezifische Treiber+Anwendungen\dell-treiber\streak\Windoof-Treiber\R291096.exe
[6] Archive type: ZIP SFX (self extracting)
--> Win7/amd64/WUDFUpdate_01007.dll
[7] Archive type: RSRC
--> Win7/i386/WUDFUpdate_01007.dll
[8] Archive type: RSRC
--> WinXP/amd64/WUDFUpdate_01007.dll
[9] Archive type: RSRC
--> C:\Sabine\dump\jxpiinstall.exe
[10] Archive type: Runtime Packed
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Dell-Streak\Software\Gingerbread 2.3\Dell-Treiber\R288920.exe
[11] Archive type: ZIP SFX (self extracting)
--> Win7/amd64/WUDFUpdate_01007.dll
[12] Archive type: RSRC
--> Win7/i386/WUDFUpdate_01007.dll
[13] Archive type: RSRC
--> WinXP/amd64/WUDFUpdate_01007.dll
[14] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Dell-Streak\Software\USB-Tethering\treiber\R291096.exe
[15] Archive type: ZIP SFX (self extracting)
--> Win7/amd64/WUDFUpdate_01007.dll
[16] Archive type: RSRC
--> Win7/i386/WUDFUpdate_01007.dll
[17] Archive type: RSRC
--> WinXP/amd64/WUDFUpdate_01007.dll
[18] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\latest_usb_driver_windows.zip
[19] Archive type: ZIP
--> usb_driver/amd64/winusbcoinstaller2.dll
[20] Archive type: RSRC
--> usb_driver/amd64/WUDFUpdate_01009.dll
[21] Archive type: RSRC
--> usb_driver/i386/winusbcoinstaller2.dll
[22] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\amd64\winusbcoinstaller2.dll
[23] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\amd64\WUDFUpdate_01009.dll
[24] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\i386\winusbcoinstaller2.dll
[25] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\i386\WUDFUpdate_01009.dll
[26] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ProgrammeZumRooten+PlaystoreEinrichten\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[27] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ProgrammeZumRooten+PlaystoreEinrichten\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ROMs\StockRom_1.4.2\update.zip
[27] Archive type: ZIP
--> system/preset_apps/TP_Weibo_4.0.0_602.apk
[28] Archive type: ZIP
--> classes.dex
[DETECTION] Contains recognition pattern of the SPR/ANDR.Igexin.A.Gen program
[WARNING] Infected files in archives cannot be repaired
--> system/preset_apps/TP_baidumap_6.2.0.apk
[28] Archive type: ZIP
--> classes.dex
[DETECTION] Contains recognition pattern of the SPR/ANDR.SystemMonitor.A.Gen program
[WARNING] Infected files in archives cannot be repaired
--> system/preset_apps/TP_iReader_2013122410.apk
[28] Archive type: ZIP
--> classes.dex
[DETECTION] Contains recognition pattern of the SPR/ANDR.Umpay.FK.Gen program
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ROMs\StockRom_1.4.2\update.zip
[DETECTION] Contains recognition pattern of the SPR/ANDR.Umpay.FK.Gen program
--> C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\nubia z7 mini root+recovery.rar.vir
[27] Archive type: RAR
--> towelroot v3.apk
[28] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\nubia z7 mini root+recovery.rar.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
--> C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[27] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
--> C:\Sabine\downloads\___Android-Streak\ADBDriver_v3_Google\usb_driver\amd64\WUDFUpdate_01007.dll
[27] Archive type: RSRC
--> C:\Sabine\downloads\___Android-Streak\ADBDriver_v3_Google\usb_driver\i386\WUDFUpdate_01007.dll
[28] Archive type: RSRC
--> C:\Sabine\downloads\___Gerätespezifische Treiber+Anwendungen\dell-treiber\streak\Windoof-Treiber\R291096.exe
[29] Archive type: ZIP SFX (self extracting)
--> Win7/amd64/WUDFUpdate_01007.dll
[30] Archive type: RSRC
--> Win7/i386/WUDFUpdate_01007.dll
[31] Archive type: RSRC
--> WinXP/amd64/WUDFUpdate_01007.dll
[32] Archive type: RSRC
--> C:\Sabine\dump\jxpiinstall.exe
[33] Archive type: Runtime Packed
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Dell-Streak\Software\Gingerbread 2.3\Dell-Treiber\R288920.exe
[34] Archive type: ZIP SFX (self extracting)
--> Win7/amd64/WUDFUpdate_01007.dll
[35] Archive type: RSRC
--> Win7/i386/WUDFUpdate_01007.dll
[36] Archive type: RSRC
--> WinXP/amd64/WUDFUpdate_01007.dll
[37] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Dell-Streak\Software\USB-Tethering\treiber\R291096.exe
[38] Archive type: ZIP SFX (self extracting)
--> Win7/amd64/WUDFUpdate_01007.dll
[39] Archive type: RSRC
--> Win7/i386/WUDFUpdate_01007.dll
[40] Archive type: RSRC
--> WinXP/amd64/WUDFUpdate_01007.dll
[41] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\latest_usb_driver_windows.zip
[42] Archive type: ZIP
--> usb_driver/amd64/winusbcoinstaller2.dll
[43] Archive type: RSRC
--> usb_driver/amd64/WUDFUpdate_01009.dll
[44] Archive type: RSRC
--> usb_driver/i386/winusbcoinstaller2.dll
[45] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\amd64\winusbcoinstaller2.dll
[46] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\amd64\WUDFUpdate_01009.dll
[47] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\i386\winusbcoinstaller2.dll
[48] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\GoogleADB-Treiber\usb_driver\i386\WUDFUpdate_01009.dll
[49] Archive type: RSRC
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ProgrammeZumRooten+PlaystoreEinrichten\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[50] Archive type: ZIP
--> classes.dex
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ProgrammeZumRooten+PlaystoreEinrichten\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
--> C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ROMs\StockRom_1.4.2\update.zip
[50] Archive type: ZIP
--> system/preset_apps/TP_Weibo_4.0.0_602.apk
[51] Archive type: ZIP
--> classes.dex
[DETECTION] Contains recognition pattern of the SPR/ANDR.Igexin.A.Gen program
[WARNING] Infected files in archives cannot be repaired
--> system/preset_apps/TP_baidumap_6.2.0.apk
[51] Archive type: ZIP
--> classes.dex
[DETECTION] Contains recognition pattern of the SPR/ANDR.SystemMonitor.A.Gen program
[WARNING] Infected files in archives cannot be repaired
--> system/preset_apps/TP_iReader_2013122410.apk
[51] Archive type: ZIP
--> classes.dex
[DETECTION] Contains recognition pattern of the SPR/ANDR.Umpay.FK.Gen program
[WARNING] Infected files in archives cannot be repaired
C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ROMs\StockRom_1.4.2\update.zip
[DETECTION] Contains recognition pattern of the SPR/ANDR.Umpay.FK.Gen program

Beginning disinfection:
C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ROMs\StockRom_1.4.2\update.zip
[DETECTION] Contains recognition pattern of the SPR/ANDR.Umpay.FK.Gen program
[WARNING] The file was ignored.
C:\Sabine\IT+Kommunikations-Technik\PC\HW_Handies+Smartphones+MP3Player\Nubia Z7 Mini\ProgrammeZumRooten+PlaystoreEinrichten\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] The file was ignored.
C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\towelroot v3.apk.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] The file was ignored.
C:\Sabine\downloads\___Android-Nubia\Nubia Z7 Mini Root+Recovery\nubia z7 mini root+recovery.rar.vir
[DETECTION] Contains code of the ANDROID/TowelExploit.A.Gen virus
[WARNING] The file was ignored.


End of the scan: Dienstag, 17. März 2015 07:38
Used time: 9:06:10 Hour(s)

The scan has been done completely.

62916 Scanned directories
10830559 Files were scanned
20 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
10830539 Files not concerned
1123784 Archives were scanned
16 Warnings
0 Notes
1348950 Objects were scanned with rootkit scan
0 Hidden objects were found

schrauber 17.03.2015 12:41
passt :)

Areuka 18.03.2015 21:59
Vielen vielen Dank! Hab auch Avira nochmal von CD gestartet, hat auch nix gefunden.

Ich hab noch eine andere Frage. Ich würde mich gern schlau machen, wie man den Internettraffic überprüfen kann, um eventuellen mißbräuchlichen Aktivitäten auf die Spur zu kommen. Hatte mir mal probeweise Wireshark installiert, bin aber nicht durchgestiegen. Auch die Anleitung in diversen Wikis ware für mich totales Fach-Chinesisch, da werden wohl jede Menge Vorkenntnisse vorausgesetzt, die ich nicht habe.

Hast Du vielleicht einen Tipp, wo man sich da einlesen kann, was auch für Normalsterbliche noch verständlich ist?

schrauber 19.03.2015 11:51
Naja, das geht eben nur mit Wireshark richtig gut, aber sowas kann man nit ohne richtig gute Kenntnisse überwachen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27