
Pests of all kinds and how to fight them: GVU trojan still present after Windowsunlocker

24.10.2013, 18:23   #1
BSB_12

Hi,

I caught the GVU trojan two weeks ago, or rather it activated itself then. Safe mode in all its variants did not work; the computer shut itself down automatically. I then downloaded Windowsunlocker from chip.de and used it, and although it found and deleted quite a few trojans, the GVU trojan is still present.

I'm asking for help. Thanks in advance.

Best regards, Martin

24.10.2013, 23:45   #2
aharonov
/// TB Trainer

Hello Martin,

do you have Windows Vista or later? Then please try a scan with FRST:


Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it boots, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With the Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the recovery options, select: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


25.10.2013, 17:05   #3
BSB_12

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by SYSTEM on MININT-1LP6HOS on 25-10-2013 17:59:20
Running from F:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2839840 2010-04-07] (ESET)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-03-12] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Notebook\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2009-11-15] (Alcohol Soft Development Team)
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o727tzj9.lnk
ShortcutTarget: o727tzj9.lnk -> C:\PROGRA~3\9jzt727o.plz ()

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-23] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-23] (DealPly Technologies Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42336 2010-04-07] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810120 2010-04-07] (ESET)
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2010-06-25] ()
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2010-11-04] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2010-09-30] (TuneUp Software)
S2 Winmgmt; C:\PROGRA~3\o727tzj9.pzz [60512 2013-10-10] (Microsoft Corporation)
S4 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163888 2010-04-07] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-07] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2010-01-23] (Realtek Semiconductor Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-29] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-17 21:26 - 2013-10-19 08:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-14 22:20 - 2013-10-14 22:20 - 01593856 ____N C:\ProgramData\o727tzj9.fki
2013-10-10 16:28 - 2013-10-23 17:16 - 95025368 ____T C:\ProgramData\o727tzj9.pff
2013-10-10 16:28 - 2013-10-23 17:16 - 00000000 _____ C:\ProgramData\o727tzj9.ctrl
2013-10-10 16:28 - 2013-10-10 16:28 - 00115200 _____ C:\ProgramData\9jzt727o.plz
2013-10-10 16:28 - 2013-10-10 16:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\o727tzj9.pzz
2013-10-09 16:23 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:23 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 16:23 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 16:23 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-09 16:23 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 16:22 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 13:53 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-09 13:53 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-09 13:53 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-09 13:53 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-09 13:53 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-09 13:53 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-09 13:53 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 13:53 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-09 13:53 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-09 13:53 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-09 13:53 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-09 13:53 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-09 13:53 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 13:53 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 13:53 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 13:53 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-10-09 13:53 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-04 20:09 - 2013-10-04 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-23 17:16 - 2013-10-10 16:28 - 95025368 ____T C:\ProgramData\o727tzj9.pff
2013-10-23 17:16 - 2013-10-10 16:28 - 00000000 _____ C:\ProgramData\o727tzj9.ctrl
2013-10-23 17:16 - 2013-08-23 19:55 - 00000906 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-10-23 17:16 - 2010-11-24 15:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 17:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-23 17:16 - 2009-07-14 05:51 - 00176068 _____ C:\Windows\setupact.log
2013-10-23 17:03 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-23 17:03 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-23 17:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-10-19 08:04 - 2013-10-17 21:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-18 14:40 - 2013-08-20 18:29 - 00001917 ___SH C:\ProgramData\e529bfc3-c17a-4d79-b236-8b5a5d266fad
2013-10-17 19:00 - 2013-08-23 19:55 - 00000910 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-10-15 16:54 - 2013-08-23 19:54 - 00000302 _____ C:\Windows\Tasks\Dealply.job
2013-10-14 22:20 - 2013-10-14 22:20 - 01593856 ____N C:\ProgramData\o727tzj9.fki
2013-10-10 17:23 - 2010-04-28 18:17 - 01837689 _____ C:\Windows\WindowsUpdate.log
2013-10-10 16:43 - 2010-11-24 15:04 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 16:28 - 2013-10-10 16:28 - 00115200 _____ C:\ProgramData\9jzt727o.plz
2013-10-10 16:28 - 2013-10-10 16:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\o727tzj9.pzz
2013-10-10 16:26 - 2012-04-20 14:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-09 18:11 - 2012-12-24 12:49 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Nitro PDF
2013-10-09 17:26 - 2012-04-20 14:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 16:31 - 2009-07-14 05:45 - 04968920 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 16:25 - 2010-06-25 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 16:17 - 2013-08-14 14:59 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 16:17 - 2009-10-14 06:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-06 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-06 18:12 - 2013-08-20 18:12 - 00000000 ____D C:\ProgramData\6772d2f8-6c8a-4151-a5d7-0b3336329b43
2013-10-06 17:37 - 2010-07-29 12:50 - 00000000 ____D C:\Users\Notebook\Desktop\Hannes
2013-10-06 15:46 - 2009-07-14 18:58 - 00645740 _____ C:\Windows\System32\perfh007.dat
2013-10-06 15:46 - 2009-07-14 18:58 - 00127028 _____ C:\Windows\System32\perfc007.dat
2013-10-06 15:46 - 2009-07-14 06:13 - 01472002 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-06 15:40 - 2013-01-09 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 21:15 - 2010-04-30 09:35 - 00000000 ____D C:\Users\Notebook\AppData\Local\Mozilla
2013-10-04 20:10 - 2013-10-04 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-04 19:09 - 2013-02-25 18:57 - 00000000 ____D C:\Program Files (x86)\Origin

Files to move or delete:
====================
C:\ProgramData\9jzt727o.plz
C:\ProgramData\o727tzj9.ctrl
C:\ProgramData\o727tzj9.pff


Some content of TEMP:
====================
C:\Users\Notebook\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Notebook\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Notebook\AppData\Local\Temp\~tmf5624884265661520678.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

7
Restore point made on: 2013-09-12 15:58:07
Restore point made on: 2013-09-17 16:20:48
Restore point made on: 2013-09-24 16:21:29
Restore point made on: 2013-09-27 19:07:57
Restore point made on: 2013-10-01 18:35:56
Restore point made on: 2013-10-08 07:40:03
Restore point made on: 2013-10-09 14:05:26

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3838.36 MB
Available physical RAM: 3250.75 MB
Total Pagefile: 3836.5 MB
Available Pagefile: 3263.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.19 GB) (Free:11.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:15.89 GB) (Free:3.55 GB) FAT32
Drive f: (USB-69) (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E14C13AA)
Partition 1: (Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 91F72D24)
Partition 1: (Not Active) - (Size=964 MB) - (Type=06)


LastRegBack: 2013-10-06 18:43

==================== End Of Log ============================

25.10.2013, 18:26   #4
aharonov
/// TB Trainer

Hi,

can the computer be started normally again after this fix?


Please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o727tzj9.lnk
ShortcutTarget: o727tzj9.lnk -> C:\PROGRA~3\9jzt727o.plz ()
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2010-06-25] ()
S2 Winmgmt; C:\PROGRA~3\o727tzj9.pzz [60512 2013-10-10] (Microsoft Corporation)
2013-10-10 16:28 - 2013-10-10 16:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\o727tzj9.pzz
2013-10-14 22:20 - 2013-10-14 22:20 - 01593856 ____N C:\ProgramData\o727tzj9.fki
2013-10-10 16:28 - 2013-10-23 17:16 - 95025368 ____T C:\ProgramData\o727tzj9.pff
2013-10-10 16:28 - 2013-10-23 17:16 - 00000000 _____ C:\ProgramData\o727tzj9.ctrl
2013-10-10 16:28 - 2013-10-10 16:28 - 00115200 _____ C:\ProgramData\9jzt727o.plz
C:\Users\Notebook\AppData\Local\Temp\~tmf5624884265661520678.dll

Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the recovery options again.
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
__________________
cheers,
Leo
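
Added example, not part of the thread and not FRST's or the helper's own method: one heuristic way to triage FRST log lines like the ones above, grouping autostart entries (services, startup shortcuts) that point into the root of C:\ProgramData with files there that share the same name stem, forwards or reversed. The function names are hypothetical, and treating `PROGRA~3` as the short name of `ProgramData` is an assumption taken from this log.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Sample input: lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2839840 2010-04-07] (ESET)
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o727tzj9.lnk
ShortcutTarget: o727tzj9.lnk -> C:\PROGRA~3\9jzt727o.plz ()
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810120 2010-04-07] (ESET)
S2 Winmgmt; C:\PROGRA~3\o727tzj9.pzz [60512 2013-10-10] (Microsoft Corporation)
S4 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
2013-10-17 21:26 - 2013-10-19 08:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-14 22:20 - 2013-10-14 22:20 - 01593856 ____N C:\ProgramData\o727tzj9.fki
2013-10-10 16:28 - 2013-10-23 17:16 - 95025368 ____T C:\ProgramData\o727tzj9.pff
2013-10-10 16:28 - 2013-10-10 16:28 - 00115200 _____ C:\ProgramData\9jzt727o.plz
2013-10-10 16:28 - 2013-10-10 16:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\o727tzj9.pzz
2013-10-18 14:40 - 2013-08-20 18:29 - 00001917 ___SH C:\ProgramData\e529bfc3-c17a-4d79-b236-8b5a5d266fad
2013-10-09 16:23 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
"""

# "S2 name; path [size date] (company)" in the Services/Drivers sections.
SERVICE_RE = re.compile(
    r"^[SR]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")
# "ShortcutTarget: x.lnk -> path (company)" below a Startup: line.
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<path>.+?) \(")
# "created - modified - size attrs [(company)] path" in the file listings.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ (?P<attr>\S{5}) (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.*)$")


def normalize(path):
    """Lower-case the path and expand the 8.3 name seen in this log.
    PROGRA~3 -> ProgramData is an assumption that fits this log only."""
    p = path.strip().lower()
    return p.replace("c:\\progra~3\\", "c:\\programdata\\")


def in_programdata_root(path):
    """True if the file sits directly in C:\\ProgramData, not in a subfolder."""
    return dirname(normalize(path)) == "c:\\programdata"


def cluster_key(path):
    """Name stem without extension; a stem and its reverse map to one key."""
    stem = splitext(basename(normalize(path)))[0]
    return min(stem, stem[::-1])


def triage(log_text):
    """Return {stem: [entries]} for every name stem that has at least one
    autostart entry (service or startup shortcut) in the ProgramData root."""
    clusters = defaultdict(list)
    anchored = set()  # stems referenced by a service or startup shortcut
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        lnk = SHORTCUT_RE.match(line)
        fil = FILE_RE.match(line)
        if svc and in_programdata_root(svc["path"]):
            key = cluster_key(svc["path"])
            anchored.add(key)
            clusters[key].append(
                f"service {svc['name']} -> {normalize(svc['path'])}")
        elif lnk and in_programdata_root(lnk["path"]):
            key = cluster_key(lnk["path"])
            anchored.add(key)
            clusters[key].append(
                f"startup shortcut {lnk['lnk']} -> {normalize(lnk['path'])}")
        elif fil and "D" not in fil["attr"] and in_programdata_root(fil["path"]):
            clusters[cluster_key(fil["path"])].append(
                f"file {normalize(fil['path'])}")
    # Files without a matching autostart entry are not reported.
    return {k: v for k, v in clusters.items() if k in anchored}


if __name__ == "__main__":
    for stem, entries in triage(SAMPLE_LOG).items():
        print(stem)
        for entry in entries:
            print("   ", entry)
```

Entries this heuristic reports are candidates for manual review only; a fixlist should still be written by someone who has read the whole log.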

28.10.2013, 15:46   #5
BSB_12

So the computer could always be started normally. It's just that when I get into Windows, the trojan still comes up.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by SYSTEM at 2013-10-28 16:41:02 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o727tzj9.lnk
ShortcutTarget: o727tzj9.lnk -> C:\PROGRA~3\9jzt727o.plz ()
S2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2010-06-25] ()
S2 Winmgmt; C:\PROGRA~3\o727tzj9.pzz [60512 2013-10-10] (Microsoft Corporation)
2013-10-10 16:28 - 2013-10-10 16:28 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\o727tzj9.pzz
2013-10-14 22:20 - 2013-10-14 22:20 - 01593856 ____N C:\ProgramData\o727tzj9.fki
2013-10-10 16:28 - 2013-10-23 17:16 - 95025368 ____T C:\ProgramData\o727tzj9.pff
2013-10-10 16:28 - 2013-10-23 17:16 - 00000000 _____ C:\ProgramData\o727tzj9.ctrl
2013-10-10 16:28 - 2013-10-10 16:28 - 00115200 _____ C:\ProgramData\9jzt727o.plz
C:\Users\Notebook\AppData\Local\Temp\~tmf5624884265661520678.dll
*****************

C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o727tzj9.lnk => Moved successfully.
C:\PROGRA~3\9jzt727o.plz => Moved successfully.
KMService => Service deleted successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\o727tzj9.pzz => Moved successfully.
C:\ProgramData\o727tzj9.fki => Moved successfully.
C:\ProgramData\o727tzj9.pff => Moved successfully.
C:\ProgramData\o727tzj9.ctrl => Moved successfully.
"C:\ProgramData\9jzt727o.plz" => File/Directory not found.
C:\Users\Notebook\AppData\Local\Temp\~tmf5624884265661520678.dll => Moved successfully.

==== End of Fixlog ====

PS: After the fix I can actually get in without the trojan being active. What needs to be done now?


29.10.2013, 10:51   #6
aharonov
/// TB Trainer

OK, next step:
Move frst64.exe from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick Addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.

29.10.2013, 15:50   #7
BSB_12

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2013
Ran by Notebook at 2013-10-29 15:45:59
Running from C:\Users\Notebook\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.6.606)
Advertising Center (x32 Version: 0.0.0.2)
Applian Director (x32 Version: 4)
Atheros Client Installation Program (x32 Version: 7.0)
Audacity 2.0.2 (x32 Version: 2.0.2)
AVS Image Converter 1.3.2.141 (x32)
AVS Update Manager 1.0 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Dealply (HKCU)
DealPly (remove only) (x32 Version: 4.8.7.3)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DivX-Setup (x32 Version: 1.0.0.450)
DolbyFiles (x32 Version: 2.0)
EA Installer (x32 Version: 2.3.0.74)
Easy CD-DA Extractor 2010 (x32 Version: 2010)
ESET NOD32 Antivirus (Version: 4.2.40.10)
Flatcast Viewer Plugin 5.3.0.650 (x32)
Flatcast Viewer Plugin 5.3.0.718 (x32)
Free Video to MP3 Converter version 5.0.21.1212 (x32 Version: 5.0.21.1212)
FUSSBALL MANAGER 11 (x32 Version: 1.0.0.3)
FUSSBALL MANAGER 12 (x32 Version: 1.0.0.0)
FUSSBALL MANAGER 13 (x32 Version: 1.0.2.0)
Google Update Helper (x32 Version: 1.3.21.153)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135)
HeadStrong WebClicker v2.56 (x32 Version: 2.56)
HP PrecisionScan LTX (x32)
ImagXpress (x32 Version: 7.0.74.0)
Java Auto Updater (x32 Version: 2.0.5.1)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
K-Lite Codec Pack (64-bit) v3.4.0 (Version: 3.4.0)
K-Lite Mega Codec Pack 5.9.0 (x32 Version: 5.9.0)
Lidl-Fotos (x32)
Malwarebytes Anti-Malware Version 1.60.0.1800 (x32 Version: 1.60.0.1800)
Media Converter SA Edition 0.8 (x32 Version: 0.8)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mobile Partner (x32 Version: 11.300.05.00.382)
Movie Templates - Starter Kit (x32 Version: 9.4.6.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 9 Trial (x32)
Nero BurnRights (x32 Version: 3.4.13.100)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero CoverDesigner (x32 Version: 4.4.12.100)
Nero Disc Copy Gadget (x32 Version: 2.4.34.0)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero PhotoSnap (x32 Version: 2.4.28.0)
Nero Recode (x32 Version: 4.4.38.1)
Nero Rescue Agent (x32 Version: 2.4.14.100)
Nero ShowTime (x32 Version: 5.4.21.100)
Nero StartSmart (x32 Version: 9.4.19.100)
Nero Vision (x32 Version: 6.4.16.100)
Nero WaveEditor (x32 Version: 5.4.37.1)
NeroBurningROM (x32 Version: 9.4.26.100)
NeroExpress (x32 Version: 9.4.26.100)
neroxml (x32 Version: 1.0.0)
Nitro Reader 3 (Version: 3.1.1.3)
No23 Recorder (x32 Version: 2.1.0.3)
NVIDIA Drivers (Version: 1.5)
NVIDIA PhysX (x32 Version: 9.10.0512)
Octoshape Streaming Services (HKCU)
Opera 12.16 (x32 Version: 12.16.1860)
Origin (x32 Version: 9.0.11.77)
PDF Settings CS5 (x32 Version: 10.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5939)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105)
Rossmann Fotowelt Software 4.9 (x32 Version: 4.9)
Settlers 2 GOLD (x32)
Skype Toolbars (x32 Version: 5.0.4137)
Skype™ 5.10 (x32 Version: 5.10.116)
SoundTap Streaming Audio Recorder (x32)
SoundTrax (x32 Version: 4.4.37.1)
Sweet Home 3D version 3.1 (x32)
SYMplus Drehen deu (x32)
Synaptics Pointing Device Driver (Version: 14.0.0.3)
Trillian (x32)
TuneUp Utilities (x32 Version: 9.0.4700.21)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.4700.21)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Winamp (x32 Version: 5.572 )
WinRAR
xHamster Video Downloader 3.23 (x32)
Yahoo! Detect (x32)

==================== Restore Points  =========================

27-09-2013 18:07:22 Windows Update
01-10-2013 17:35:26 Windows Update
08-10-2013 06:39:35 Windows Update
09-10-2013 13:05:10 Windows Update
28-10-2013 15:55:55 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2010-04-29 08:43 - 00000976 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0CD42610-FAC5-4C1F-92E6-09737C89BBF7} - System32\Tasks\AdobeAAMUpdater-1.0-Notebook-69-Notebook => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {1033CCA7-BBB0-4903-B65F-4F7E6B8A1EF4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2010-09-30] (TuneUp Software)
Task: {2F2ACF27-3C01-45E5-A096-CD18E97C9E2F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08] (Sun Microsystems, Inc.)
Task: {36CCE1A0-6A95-446F-AF64-56BE3C466319} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-23] (DealPly Technologies Ltd)
Task: {4594CFF0-8304-4B9D-AB0E-4CB2AC202865} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {68D4F4E9-AE9F-452B-8A6C-D96F8FFE452B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {8BBE876B-285F-4EF3-A0F8-5C87459565CF} - System32\Tasks\{8E936B9A-B554-409F-AF5E-AB0594576B3A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {8F52D383-8015-4CE5-A51A-37C71258CF64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E5401CC-98B6-4E48-A347-5D6979CFB035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
Task: {AE858B49-F042-48CD-96B4-B69F35FDEED1} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-23] (DealPly Technologies Ltd)
Task: {BFAB1F0E-7552-44B9-B059-3B941F6EF76B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {DF6CE83D-B496-487B-9F82-3C7A00CB021A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
Task: {EABCA3C2-8C86-4708-B93C-A10A8DC94B01} - System32\Tasks\Games\UpdateCheck_S-1-5-21-300217975-2781022776-3715872198-1000
Task: {F34EE837-2D03-4E37-9346-B3678DA5E82A} - System32\Tasks\Dealply => C:\Users\Notebook\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Notebook\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-12 23:02 - 2010-03-12 23:02 - 00095528 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Notebook:zylomtest
AlternateDataStreams: C:\Users\Notebook:zylomtr{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUV}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2013 04:15:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/28/2013 04:14:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/14/2013 10:21:35 PM) (Source: Application Hang) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7c0

Startzeit: 01cec92341ca2c10

Endzeit: 4

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 903e9521-3516-11e3-8984-00222004b4a7

Error: (10/10/2013 04:33:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.9200.16720, Zeitstempel: 0x523d0755
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00008436
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3

Error: (10/06/2013 06:45:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/06/2013 06:44:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/26/2013 05:49:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x560cec83
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3

Error: (09/26/2013 05:48:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.9200.16686, Zeitstempel: 0x5205a30c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00008436
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3

Error: (09/17/2013 00:15:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mpc-hc.exe, Version: 1.3.1774.0, Zeitstempel: 0x4bb3153b
Name des fehlerhaften Moduls: mpc-hc.exe, Version: 1.3.1774.0, Zeitstempel: 0x4bb3153b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001d8f1
ID des fehlerhaften Prozesses: 0x134
Startzeit der fehlerhaften Anwendung: 0xmpc-hc.exe0
Pfad der fehlerhaften Anwendung: mpc-hc.exe1
Pfad des fehlerhaften Moduls: mpc-hc.exe2
Berichtskennung: mpc-hc.exe3

Error: (09/13/2013 03:23:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x740ac9f5
ID des fehlerhaften Prozesses: 0x96c
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3


System errors:
=============
Error: (10/25/2013 08:40:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:39:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:39:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:38:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:38:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:37:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:37:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:36:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:36:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:35:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (10/28/2013 04:15:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (10/28/2013 04:14:31 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/14/2013 10:21:35 PM) (Source: Application Hang)(User: )
Description: rundll32.exe6.1.7600.163857c001cec92341ca2c104C:\Windows\SysWOW64\rundll32.exe903e9521-3516-11e3-8984-00222004b4a7

Error: (10/10/2013 04:33:34 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59djscript.dll5.8.9200.16720523d0755c000000500008436fdc01cec5cdc9dfa5c0C:\Program Files (x86)\Winamp\winamp.exeC:\Windows\SysWOW64\jscript.dll52866f30-31c1-11e3-b2e9-bd64645c236a

Error: (10/06/2013 06:45:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (10/06/2013 06:44:41 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2013 05:49:37 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59dunknown0.0.0.000000000c0000005560cec8311e801cebad60da72ab0C:\Program Files (x86)\Winamp\winamp.exeunknowna0a373d0-26cb-11e3-a07c-00222004b4a7

Error: (09/26/2013 05:48:27 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59djscript.dll5.8.9200.166865205a30cc00000050000843611e801cebad60da72ab0C:\Program Files (x86)\Winamp\winamp.exeC:\Windows\SysWOW64\jscript.dll76caddf0-26cb-11e3-a07c-00222004b4a7

Error: (09/17/2013 00:15:23 AM) (Source: Application Error)(User: )
Description: mpc-hc.exe1.3.1774.04bb3153bmpc-hc.exe1.3.1774.04bb3153bc00000050001d8f113401ceb317bf753b90C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exeC:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exedc673850-1f25-11e3-a155-8f6dd6883042

Error: (09/13/2013 03:23:43 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59dunknown0.0.0.000000000c0000005740ac9f596c01ceb08c6076ee00C:\Program Files (x86)\Winamp\winamp.exeunknown171cec90-1c80-11e3-9e67-00222004b4a7


CodeIntegrity Errors:
===================================
  Date: 2011-07-17 17:46:46.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 17:23:19.346
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 17:07:04.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 17:01:10.447
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 16:37:54.985
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 15:50:52.606
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 15:35:51.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 14:36:48.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 14:30:02.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 14:24:06.192
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 3838.36 MB
Available physical RAM: 2645.55 MB
Total Pagefile: 7674.89 MB
Available Pagefile: 6450.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.19 GB) (Free:13.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:15.89 GB) (Free:3.55 GB) FAT32
Drive f: (USB-69) (Removable) (Total:0.94 GB) (Free:0.92 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E14C13AA)
Partition 1: (Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 964 MB) (Disk ID: 91F72D24)
Partition 1: (Not Active) - (Size=964 MB) - (Type=06)

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Notebook (administrator) on NOTEBOOK-69 on 29-10-2013 15:42:49
Running from C:\Users\Notebook\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2839840 2010-04-07] (ESET)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2009-11-15] (Alcohol Soft Development Team)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: I - I:\LaunchU3.exe -a
MountPoints2: {6018f0c1-97ef-11e0-a277-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {6018f0c6-97ef-11e0-a277-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {7e155d08-be4c-11e0-9d52-811ae6e2aa6c} - H:\AutoRun.exe
MountPoints2: {7e155d0c-be4c-11e0-9d52-811ae6e2aa6c} - F:\AutoRun.exe
MountPoints2: {877ce8e2-be20-11e0-a5df-ff55a6ef1b7e} - F:\AutoRun.exe
MountPoints2: {877ce8fe-be20-11e0-a5df-ff55a6ef1b7e} - F:\AutoRun.exe
MountPoints2: {877ce92b-be20-11e0-a5df-f0ef8b26f925} - F:\AutoRun.exe
MountPoints2: {ef2d4a44-afe1-11e0-917d-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {ef2d4a4f-afe1-11e0-917d-00222004b4a7} - F:\AutoRun.exe
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1135912 2010-03-12] ()
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
URLSearchHook: (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} -  No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
FF DefaultSearchEngine: ZoneAlarm-Sicherheit Customized Web Search
FF SelectedSearchEngine: ZoneAlarm-Sicherheit Customized Web Search
FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Notebook\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~2\Opera\program\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DealPly  Shopping - C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (DealPly  Shopping) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0

==================== Services (Whitelisted) =================

S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-23] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-23] (DealPly Technologies Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42336 2010-04-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810120 2010-04-07] (ESET)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2010-11-04] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2010-09-30] (TuneUp Software)
S4 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [428032 2009-07-14] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163888 2010-04-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-07] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
R3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2010-01-23] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-29] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2010-02-25] (TuneUp Software)
U3 aeu9s5eq; C:\Windows\System32\Drivers\aeu9s5eq.sys [0 ] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 15:40 - 2013-10-25 17:43 - 01955412 _____ (Farbar) C:\Users\Notebook\Desktop\FRST64.exe
2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-17 21:26 - 2013-10-19 08:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-09 16:23 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:23 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 16:23 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 16:23 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 16:23 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 16:22 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 13:53 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 13:53 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 13:53 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:53 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 13:53 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 13:53 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 13:53 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 13:53 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 13:53 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 13:53 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:53 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 13:53 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 13:53 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 13:53 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 13:53 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 13:53 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-09 13:53 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-04 20:09 - 2013-10-04 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-29 15:43 - 2010-11-24 15:04 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 15:42 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 15:42 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 15:41 - 2009-07-14 18:58 - 00645740 _____ C:\Windows\system32\perfh007.dat
2013-10-29 15:41 - 2009-07-14 18:58 - 00127028 _____ C:\Windows\system32\perfc007.dat
2013-10-29 15:41 - 2009-07-14 06:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 15:40 - 2010-04-28 18:17 - 01876181 _____ C:\Windows\WindowsUpdate.log
2013-10-29 15:37 - 2013-08-23 19:55 - 00000906 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-10-29 15:37 - 2010-11-24 15:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 15:37 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 15:37 - 2009-07-14 05:51 - 00176236 _____ C:\Windows\setupact.log
2013-10-29 15:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-28 21:00 - 2013-08-23 19:55 - 00000910 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-10-28 20:55 - 2013-08-23 19:54 - 00000302 _____ C:\Windows\Tasks\Dealply.job
2013-10-28 20:26 - 2012-04-20 14:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-28 16:41 - 2010-04-28 18:20 - 00000000 ___RD C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-25 17:43 - 2013-10-29 15:40 - 01955412 _____ (Farbar) C:\Users\Notebook\Desktop\FRST64.exe
2013-10-19 08:04 - 2013-10-17 21:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-18 14:40 - 2013-08-20 18:29 - 00001917 ___SH C:\ProgramData\e529bfc3-c17a-4d79-b236-8b5a5d266fad
2013-10-09 18:11 - 2012-12-24 12:49 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Nitro PDF
2013-10-09 17:26 - 2012-04-20 14:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 16:31 - 2009-07-14 05:45 - 04968920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 16:25 - 2010-06-25 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 16:19 - 2013-08-14 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 16:17 - 2009-10-14 06:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-06 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-06 18:12 - 2013-08-20 18:12 - 00000000 ____D C:\ProgramData\6772d2f8-6c8a-4151-a5d7-0b3336329b43
2013-10-06 17:37 - 2010-07-29 12:50 - 00000000 ____D C:\Users\Notebook\Desktop\Hannes
2013-10-06 15:40 - 2013-01-09 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 21:15 - 2010-04-30 09:35 - 00000000 ____D C:\Users\Notebook\AppData\Local\Mozilla
2013-10-04 20:10 - 2013-10-04 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-04 19:09 - 2013-02-25 18:57 - 00000000 ____D C:\Program Files (x86)\Origin

Some content of TEMP:
====================
C:\Users\Notebook\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Notebook\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-28 16:13

==================== End Of Log ============================
         
--- --- ---

29.10.2013, 17:11   #8
aharonov
/// TB Trainer
 
Hi,

On my first quick look through the logs I saw that you are using illegitimate software. We don't support that: http://www.trojaner-board.de/95394-c...-software.html

If you want me to help you, first uninstall and completely remove all illegal software (cracks, keygens, etc.) now. As soon as everything is gone, we can get started. But if, despite this warning, I see anything like that again later on, we're done.

Let me know as soon as we can continue here.
__________________
cheers,
Leo

31.10.2013, 20:55   #9
BSB_12
 
Hi,

First of all, I just called my older brother and gave him an earful. He was the one who handed the computer down to me after he got himself a new one.

I have now removed all the programs that I don't know what to do with or don't use, since I only surf the web and do office work, and I hope that I only have legal software left. Should I also remove the antivirus program? It is completely out of date, after all!

Do I need to remove anything else? I don't know how to tell which illegitimate software I have.

Best regards

Here are the new txt files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Notebook (administrator) on NOTEBOOK-69 on 31-10-2013 20:41:13
Running from C:\Users\Notebook\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2839840 2010-04-07] (ESET)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: I - I:\LaunchU3.exe -a
MountPoints2: {6018f0c1-97ef-11e0-a277-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {6018f0c6-97ef-11e0-a277-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {7e155d08-be4c-11e0-9d52-811ae6e2aa6c} - H:\AutoRun.exe
MountPoints2: {7e155d0c-be4c-11e0-9d52-811ae6e2aa6c} - F:\AutoRun.exe
MountPoints2: {877ce8e2-be20-11e0-a5df-ff55a6ef1b7e} - F:\AutoRun.exe
MountPoints2: {877ce8fe-be20-11e0-a5df-ff55a6ef1b7e} - F:\AutoRun.exe
MountPoints2: {877ce92b-be20-11e0-a5df-f0ef8b26f925} - F:\AutoRun.exe
MountPoints2: {ef2d4a44-afe1-11e0-917d-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {ef2d4a4f-afe1-11e0-917d-00222004b4a7} - F:\AutoRun.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
FF DefaultSearchEngine: ZoneAlarm-Sicherheit Customized Web Search
FF SelectedSearchEngine: ZoneAlarm-Sicherheit Customized Web Search
FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Notebook\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~2\Opera\program\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DealPly  Shopping - C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\Extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (DealPly  Shopping) - C:\Users\Notebook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi\3.5.0.0_0

==================== Services (Whitelisted) =================

S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-23] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-23] (DealPly Technologies Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42336 2010-04-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810120 2010-04-07] (ESET)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [163888 2010-04-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [139704 2010-04-07] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [124760 2010-04-07] (ESET)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
R3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2010-01-23] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-29] ()
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 20:40 - 2013-10-31 20:40 - 01957098 _____ (Farbar) C:\Users\Notebook\Desktop\FRST64.exe
2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-17 21:26 - 2013-10-19 08:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-09 16:23 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:23 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 16:23 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 16:23 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 16:23 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 16:22 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 13:53 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 13:53 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 13:53 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:53 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 13:53 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 13:53 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 13:53 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 13:53 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 13:53 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 13:53 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:53 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 13:53 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 13:53 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 13:53 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 13:53 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 13:53 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-09 13:53 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-04 20:09 - 2013-10-04 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-31 20:40 - 2013-10-31 20:40 - 01957098 _____ (Farbar) C:\Users\Notebook\Desktop\FRST64.exe
2013-10-31 20:36 - 2009-07-14 18:58 - 00645740 _____ C:\Windows\system32\perfh007.dat
2013-10-31 20:36 - 2009-07-14 18:58 - 00127028 _____ C:\Windows\system32\perfc007.dat
2013-10-31 20:36 - 2009-07-14 06:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 20:36 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 20:36 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 20:35 - 2010-04-28 18:17 - 01049696 _____ C:\Windows\WindowsUpdate.log
2013-10-31 20:34 - 2010-04-29 08:47 - 00000000 ____D C:\Program Files (x86)\DivX
2013-10-31 20:31 - 2013-08-23 19:55 - 00000906 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-10-31 20:31 - 2010-11-24 15:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 20:31 - 2010-04-28 18:24 - 00033542 _____ C:\Windows\PFRO.log
2013-10-31 20:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 20:31 - 2009-07-14 05:51 - 00176460 _____ C:\Windows\setupact.log
2013-10-31 20:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-31 20:29 - 2013-02-25 18:58 - 00000000 ____D C:\ProgramData\Origin
2013-10-31 20:28 - 2010-08-30 09:50 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-31 20:26 - 2012-04-20 14:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 20:20 - 2010-06-09 17:50 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Skype
2013-10-31 20:19 - 2010-06-09 17:50 - 00000000 ____D C:\ProgramData\Skype
2013-10-31 20:06 - 2010-05-12 15:21 - 00000000 ____D C:\ProgramData\Nero
2013-10-31 20:00 - 2013-08-23 19:55 - 00000910 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-10-31 20:00 - 2010-11-24 15:04 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-31 19:55 - 2010-09-13 15:55 - 00000000 ____D C:\Users\Notebook\Desktop\Backup
2013-10-31 19:54 - 2013-08-23 19:54 - 00000302 _____ C:\Windows\Tasks\Dealply.job
2013-10-31 19:54 - 2011-06-16 09:07 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-10-31 19:33 - 2010-07-29 12:50 - 00000000 ____D C:\Users\Notebook\Desktop\Hannes
2013-10-31 19:25 - 2010-06-30 13:07 - 00000000 ____D C:\ProgramData\Adobe
2013-10-31 19:24 - 2010-06-30 13:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-31 19:22 - 2010-08-28 18:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-31 19:10 - 2010-04-29 08:45 - 00000000 ____D C:\ProgramData\DivX
2013-10-31 16:04 - 2013-08-20 18:29 - 00001917 ___SH C:\ProgramData\e529bfc3-c17a-4d79-b236-8b5a5d266fad
2013-10-30 22:55 - 2010-11-24 15:04 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-30 22:55 - 2010-11-24 15:04 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-30 22:54 - 2012-12-24 12:49 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Nitro PDF
2013-10-28 16:41 - 2010-04-28 18:20 - 00000000 ___RD C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-19 08:04 - 2013-10-17 21:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-09 17:26 - 2012-04-20 14:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 16:31 - 2009-07-14 05:45 - 04968920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 16:25 - 2010-06-25 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 16:19 - 2013-08-14 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 16:17 - 2009-10-14 06:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-06 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-06 18:12 - 2013-08-20 18:12 - 00000000 ____D C:\ProgramData\6772d2f8-6c8a-4151-a5d7-0b3336329b43
2013-10-06 15:40 - 2013-01-09 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 21:15 - 2010-04-30 09:35 - 00000000 ____D C:\Users\Notebook\AppData\Local\Mozilla
2013-10-04 20:10 - 2013-10-04 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Notebook\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Notebook\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-28 16:13

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Notebook at 2013-10-31 20:43:53
Running from C:\Users\Notebook\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Flash Player ActiveX (x32 Version: 9.0.124.0)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.6.606)
Advertising Center (x32 Version: 0.0.0.2)
Applian Director (x32 Version: 4)
Atheros Client Installation Program (x32 Version: 7.0)
Audacity 2.0.2 (x32 Version: 2.0.2)
AVS Image Converter 1.3.2.141 (x32)
AVS Update Manager 1.0 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Dealply (HKCU)
DealPly (remove only) (x32 Version: 4.8.7.3)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DolbyFiles (x32 Version: 2.0)
ESET NOD32 Antivirus (Version: 4.2.40.10)
Flatcast Viewer Plugin 5.3.0.650 (x32)
Flatcast Viewer Plugin 5.3.0.718 (x32)
Google Update Helper (x32 Version: 1.3.21.165)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135)
HeadStrong WebClicker v2.56 (x32 Version: 2.56)
HP PrecisionScan LTX (x32)
ImagXpress (x32 Version: 7.0.74.0)
Java Auto Updater (x32 Version: 2.0.5.1)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
K-Lite Codec Pack (64-bit) v3.4.0 (Version: 3.4.0)
K-Lite Mega Codec Pack 5.9.0 (x32 Version: 5.9.0)
Malwarebytes Anti-Malware Version 1.60.0.1800 (x32 Version: 1.60.0.1800)
Media Converter SA Edition 0.8 (x32 Version: 0.8)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero Installer (x32 Version: 4.4.9.0)
neroxml (x32 Version: 1.0.0)
Nitro Reader 3 (Version: 3.1.1.3)
NVIDIA Drivers (Version: 1.5)
NVIDIA PhysX (x32 Version: 9.10.0512)
Octoshape Streaming Services (HKCU)
Opera 12.16 (x32 Version: 12.16.1860)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5939)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105)
SoundTap Streaming Audio Recorder (x32)
Sweet Home 3D version 3.1 (x32)
Synaptics Pointing Device Driver (Version: 14.0.0.3)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
WinRAR
Yahoo! Detect (x32)

==================== Restore Points  =========================

08-10-2013 06:39:35 Windows Update
09-10-2013 13:05:10 Windows Update
28-10-2013 15:55:55 Geplanter Prüfpunkt
30-10-2013 21:51:18 Windows Update
31-10-2013 18:28:29 Removed Microsoft Games for Windows - LIVE Redistributable
31-10-2013 18:52:14 Removed Microsoft Games for Windows - LIVE
31-10-2013 18:56:16 Removed Nero 9 Trial 4.4.9.0
31-10-2013 19:19:19 Removed Skype Toolbars
31-10-2013 19:19:42 Removed Skype™ 5.10
31-10-2013 19:21:07 TuneUp Utilities wird entfernt
31-10-2013 19:22:04 TuneUp Utilities Language Pack (de-DE) wird entfernt
31-10-2013 19:27:41 No23 Recorder wird entfernt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2010-04-29 08:43 - 00000976 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0CD42610-FAC5-4C1F-92E6-09737C89BBF7} - System32\Tasks\AdobeAAMUpdater-1.0-Notebook-69-Notebook => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {1033CCA7-BBB0-4903-B65F-4F7E6B8A1EF4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
Task: {2F2ACF27-3C01-45E5-A096-CD18E97C9E2F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08] (Sun Microsystems, Inc.)
Task: {36CCE1A0-6A95-446F-AF64-56BE3C466319} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-23] (DealPly Technologies Ltd)
Task: {4594CFF0-8304-4B9D-AB0E-4CB2AC202865} - System32\Tasks\DealPlyUpdate => C:\Program
Task: {68D4F4E9-AE9F-452B-8A6C-D96F8FFE452B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {8BBE876B-285F-4EF3-A0F8-5C87459565CF} - System32\Tasks\{8E936B9A-B554-409F-AF5E-AB0594576B3A} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {8F52D383-8015-4CE5-A51A-37C71258CF64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9E5401CC-98B6-4E48-A347-5D6979CFB035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
Task: {AE858B49-F042-48CD-96B4-B69F35FDEED1} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-23] (DealPly Technologies Ltd)
Task: {BFAB1F0E-7552-44B9-B059-3B941F6EF76B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {DF6CE83D-B496-487B-9F82-3C7A00CB021A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24] (Google Inc.)
Task: {EABCA3C2-8C86-4708-B93C-A10A8DC94B01} - System32\Tasks\Games\UpdateCheck_S-1-5-21-300217975-2781022776-3715872198-1000
Task: {F34EE837-2D03-4E37-9346-B3678DA5E82A} - System32\Tasks\Dealply => C:\Users\Notebook\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Notebook\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Notebook:zylomtest
AlternateDataStreams: C:\Users\Notebook:zylomtr{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVUV}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2013 08:13:03 PM) (Source: Microsoft-Windows-RestartManager) (User: Notebook-69)
Description: Die Anwendung oder der Dienst "Nero BackItUp Scheduler 4.0" konnte nicht neu gestartet werden.

Error: (10/31/2013 06:50:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x560cec83
ID des fehlerhaften Prozesses: 0xfcc
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3

Error: (10/31/2013 06:44:48 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.9200.16720, Zeitstempel: 0x523d0755
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00008436
ID des fehlerhaften Prozesses: 0xfcc
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3

Error: (10/28/2013 04:15:29 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/28/2013 04:14:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (10/14/2013 10:21:35 PM) (Source: Application Hang) (User: )
Description: Programm rundll32.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7c0

Startzeit: 01cec92341ca2c10

Endzeit: 4

Anwendungspfad: C:\Windows\SysWOW64\rundll32.exe

Berichts-ID: 903e9521-3516-11e3-8984-00222004b4a7

Error: (10/10/2013 04:33:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.9200.16720, Zeitstempel: 0x523d0755
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00008436
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3

Error: (10/06/2013 06:45:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (10/06/2013 06:44:41 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/26/2013 05:49:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: winamp.exe, Version: 5.5.7.2830, Zeitstempel: 0x4b4cd59d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x560cec83
ID des fehlerhaften Prozesses: 0x11e8
Startzeit der fehlerhaften Anwendung: 0xwinamp.exe0
Pfad der fehlerhaften Anwendung: winamp.exe1
Pfad des fehlerhaften Moduls: winamp.exe2
Berichtskennung: winamp.exe3


System errors:
=============
Error: (10/25/2013 08:40:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:39:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:39:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:38:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:38:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:37:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:37:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:36:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:36:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (10/25/2013 08:35:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (10/31/2013 08:13:03 PM) (Source: Microsoft-Windows-RestartManager)(User: Notebook-69)
Description: 0NBService.exeNero BackItUp Scheduler 4.003026217816280

Error: (10/31/2013 06:50:36 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59dunknown0.0.0.000000000c0000005560cec83fcc01ced6607d267580C:\Program Files (x86)\Winamp\winamp.exeunknownf1ba6ab8-4254-11e3-a172-8f035af3146f

Error: (10/31/2013 06:44:48 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59djscript.dll5.8.9200.16720523d0755c000000500008436fcc01ced6607d267580C:\Program Files (x86)\Winamp\winamp.exeC:\Windows\SysWOW64\jscript.dll226442e8-4254-11e3-a172-8f035af3146f

Error: (10/28/2013 04:15:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (10/28/2013 04:14:31 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/14/2013 10:21:35 PM) (Source: Application Hang)(User: )
Description: rundll32.exe6.1.7600.163857c001cec92341ca2c104C:\Windows\SysWOW64\rundll32.exe903e9521-3516-11e3-8984-00222004b4a7

Error: (10/10/2013 04:33:34 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59djscript.dll5.8.9200.16720523d0755c000000500008436fdc01cec5cdc9dfa5c0C:\Program Files (x86)\Winamp\winamp.exeC:\Windows\SysWOW64\jscript.dll52866f30-31c1-11e3-b2e9-bd64645c236a

Error: (10/06/2013 06:45:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest

Error: (10/06/2013 06:44:41 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/26/2013 05:49:37 PM) (Source: Application Error)(User: )
Description: winamp.exe5.5.7.28304b4cd59dunknown0.0.0.000000000c0000005560cec8311e801cebad60da72ab0C:\Program Files (x86)\Winamp\winamp.exeunknowna0a373d0-26cb-11e3-a07c-00222004b4a7


CodeIntegrity Errors:
===================================
  Date: 2011-07-17 17:46:46.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 17:23:19.346
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 17:07:04.512
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 17:01:10.447
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 16:37:54.985
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 15:50:52.606
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 15:35:51.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 14:36:48.090
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 14:30:02.861
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-07-17 14:24:06.192
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 37%
Total physical RAM: 3838.36 MB
Available physical RAM: 2399.38 MB
Total Pagefile: 7674.89 MB
Available Pagefile: 6214.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:282.19 GB) (Free:43.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:15.89 GB) (Free:3.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E14C13AA)
Partition 1: (Active) - (Size=282 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=16 GB) - (Type=0C)

==================== End Of Log ============================
         

31.10.2013, 21:25   #10
aharonov
/// TB Trainer
 

OK, let's continue.

Quote:
Should I also remove the antivirus program? It's completely out of date!
Yes, get rid of it and install a current program. If you want to buy a commercial product, I can recommend Emsisoft (but its freeware version is not enough!); if you would rather have a free program, take a look at avast.


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after the other:
    Dealply
  • Close the window again and restart the computer if you are prompted to.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3

Run FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved to the desktop.
  • Please post the contents of this log file here in your thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from FRST
__________________
cheers,
Leo

31.10.2013, 21:57   #11
BSB_12
 

Which Emsisoft product would you recommend?

Do I also need a firewall? If so, which one would you recommend?

Here are the logs:

Code:
# AdwCleaner v3.010 - Bericht erstellt am 31/10/2013 um 21:47:23
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Notebook - NOTEBOOK-69
# Gestartet von : C:\Users\Notebook\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : dealplylive
[#] Dienst Gelöscht : dealplylivem

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\Users\Notebook\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Notebook\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Notebook\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\Notebook\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Notebook\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Notebook\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\ConduitCommon
Datei Gelöscht : C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
Datei Gelöscht : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader60361_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader60361_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hjsplit_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hjsplit_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_soundtap_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_soundtap_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sweet-home-3d_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_sweet-home-3d_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DealPlyLive
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DealPlyLive

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ Datei : C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default\prefs.js ]

Zeile gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Jul 17 2011 17:51:42 GMT+0200");
Zeile gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Sun Jul 17 2011 17:51:42 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jul 17 2011 17:51:42 GMT+0200");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "ZoneAlarm-Sicherheit Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "ZoneAlarm-Sicherheit Customized Web Search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=30880622436A9016&affID=119357&tt=200813_245&tsp=4983");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=");

*************************

AdwCleaner[R0].txt - [11189 octets] - [31/10/2013 21:45:56]
AdwCleaner[S0].txt - [10524 octets] - [31/10/2013 21:47:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10585 octets] ##########
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Notebook (administrator) on NOTEBOOK-69 on 31-10-2013 21:49:27
Running from C:\Users\Notebook\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
MountPoints2: F - F:\AutoRun.exe
MountPoints2: I - I:\LaunchU3.exe -a
MountPoints2: {6018f0c1-97ef-11e0-a277-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {6018f0c6-97ef-11e0-a277-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {7e155d08-be4c-11e0-9d52-811ae6e2aa6c} - H:\AutoRun.exe
MountPoints2: {7e155d0c-be4c-11e0-9d52-811ae6e2aa6c} - F:\AutoRun.exe
MountPoints2: {877ce8e2-be20-11e0-a5df-ff55a6ef1b7e} - F:\AutoRun.exe
MountPoints2: {877ce8fe-be20-11e0-a5df-ff55a6ef1b7e} - F:\AutoRun.exe
MountPoints2: {877ce92b-be20-11e0-a5df-f0ef8b26f925} - F:\AutoRun.exe
MountPoints2: {ef2d4a44-afe1-11e0-917d-00222004b4a7} - F:\AutoRun.exe
MountPoints2: {ef2d4a4f-afe1-11e0-917d-00222004b4a7} - F:\AutoRun.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

URLSearchHook: HKCU - (No Name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\oyji5x3g.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Users\Notebook\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~2\Opera\program\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype extension for Firefox - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)
R3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2010-01-23] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-29] ()
S2 eamonm; system32\DRIVERS\eamonm.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 21:45 - 2013-10-31 21:47 - 00000000 ____D C:\AdwCleaner
2013-10-31 21:45 - 2013-10-31 21:45 - 01060070 _____ C:\Users\Notebook\Desktop\adwcleaner.exe
2013-10-31 21:10 - 2013-10-31 21:37 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Winamp
2013-10-31 21:10 - 2013-10-31 21:10 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-10-31 20:40 - 2013-10-31 20:40 - 01957098 _____ (Farbar) C:\Users\Notebook\Desktop\FRST64.exe
2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-17 21:26 - 2013-10-19 08:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-09 16:23 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 16:23 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 16:23 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 16:23 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 16:23 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 16:23 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 16:23 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 16:23 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 16:23 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 16:22 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 16:22 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 13:53 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 13:53 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 13:53 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 13:53 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 13:53 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 13:53 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 13:53 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 13:53 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 13:53 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 13:53 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 13:53 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 13:53 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 13:53 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 13:53 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 13:53 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 13:53 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 13:53 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 13:53 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 13:53 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 13:53 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-09 13:53 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-09 13:53 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-04 20:09 - 2013-10-04 20:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-10-31 21:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
2013-10-31 21:48 - 2010-11-24 15:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 21:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 21:48 - 2009-07-14 05:51 - 00176572 _____ C:\Windows\setupact.log
2013-10-31 21:47 - 2013-10-31 21:45 - 00000000 ____D C:\AdwCleaner
2013-10-31 21:47 - 2010-04-28 18:17 - 01103809 _____ C:\Windows\WindowsUpdate.log
2013-10-31 21:45 - 2013-10-31 21:45 - 01060070 _____ C:\Users\Notebook\Desktop\adwcleaner.exe
2013-10-31 21:44 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 21:44 - 2009-07-14 05:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 21:42 - 2009-07-14 18:58 - 00645740 _____ C:\Windows\system32\perfh007.dat
2013-10-31 21:42 - 2009-07-14 18:58 - 00127028 _____ C:\Windows\system32\perfc007.dat
2013-10-31 21:42 - 2009-07-14 06:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 21:38 - 2010-04-28 18:24 - 00034162 _____ C:\Windows\PFRO.log
2013-10-31 21:37 - 2013-10-31 21:10 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Winamp
2013-10-31 21:26 - 2012-04-20 14:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-31 21:12 - 2010-07-29 12:50 - 00000000 ____D C:\Users\Notebook\Desktop\Hannes
2013-10-31 21:10 - 2013-10-31 21:10 - 00000000 ____D C:\Program Files (x86)\Winamp
2013-10-31 21:00 - 2010-11-24 15:04 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-31 20:40 - 2013-10-31 20:40 - 01957098 _____ (Farbar) C:\Users\Notebook\Desktop\FRST64.exe
2013-10-31 20:34 - 2010-04-29 08:47 - 00000000 ____D C:\Program Files (x86)\DivX
2013-10-31 20:29 - 2013-02-25 18:58 - 00000000 ____D C:\ProgramData\Origin
2013-10-31 20:28 - 2010-08-30 09:50 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-31 20:20 - 2010-06-09 17:50 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Skype
2013-10-31 20:19 - 2010-06-09 17:50 - 00000000 ____D C:\ProgramData\Skype
2013-10-31 20:06 - 2010-05-12 15:21 - 00000000 ____D C:\ProgramData\Nero
2013-10-31 19:55 - 2010-09-13 15:55 - 00000000 ____D C:\Users\Notebook\Desktop\Backup
2013-10-31 19:54 - 2011-06-16 09:07 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2013-10-31 19:25 - 2010-06-30 13:07 - 00000000 ____D C:\ProgramData\Adobe
2013-10-31 19:24 - 2010-06-30 13:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-31 19:22 - 2010-08-28 18:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-31 19:10 - 2010-04-29 08:45 - 00000000 ____D C:\ProgramData\DivX
2013-10-31 16:04 - 2013-08-20 18:29 - 00001917 ___SH C:\ProgramData\e529bfc3-c17a-4d79-b236-8b5a5d266fad
2013-10-30 22:55 - 2010-11-24 15:04 - 00004110 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-30 22:55 - 2010-11-24 15:04 - 00003858 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-30 22:54 - 2012-12-24 12:49 - 00000000 ____D C:\Users\Notebook\AppData\Roaming\Nitro PDF
2013-10-28 16:41 - 2010-04-28 18:20 - 00000000 ___RD C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-25 17:59 - 2013-10-25 17:59 - 00000000 ____D C:\FRST
2013-10-19 08:04 - 2013-10-17 21:26 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-18 22:06 - 2013-10-18 22:06 - 00000071 _____ C:\Windows\SysWOW64\.directory
2013-10-09 17:26 - 2012-04-20 14:26 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 16:31 - 2009-07-14 05:45 - 04968920 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 16:25 - 2010-06-25 12:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 16:21 - 2013-03-13 17:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 16:19 - 2013-08-14 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 16:17 - 2009-10-14 06:12 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-06 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-06 18:12 - 2013-08-20 18:12 - 00000000 ____D C:\ProgramData\6772d2f8-6c8a-4151-a5d7-0b3336329b43
2013-10-06 15:40 - 2013-01-09 22:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-04 21:15 - 2010-04-30 09:35 - 00000000 ____D C:\Users\Notebook\AppData\Local\Mozilla
2013-10-04 20:10 - 2013-10-04 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Notebook\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\Notebook\AppData\Local\Temp\Quarantine.exe
C:\Users\Notebook\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-28 16:13

==================== End Of Log ============================
         
--- --- ---

31.10.2013, 22:05   #12
aharonov
/// TB Trainer

Hello,

Quote:
Which product from Emsisoft is recommended?
Do I also need a firewall? If so, what can you recommend?
As a firewall, the one built into Windows is sufficient in the normal case. If you don't want to use it, though, have a look at Internet Security, which combines an antivirus program and a firewall.
If you use the Windows Firewall and only need an antivirus program, that would be Emsisoft Anti-Malware.

How is the computer running now?


Step 1

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 2


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
cheers,
Leo

01.11.2013, 07:08   #13
BSB_12

The computer is running well. At the same time I'm also still tidying up and deleting unimportant files.

Here are the logs:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.31.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Notebook :: NOTEBOOK-69 [Administrator]

31.10.2013 22:16:28
mbam-log-2013-10-31 (22-16-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212603
Laufzeit: 8 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Notebook\AppData\Local\Temp\84CCEDE6-BAB0-7891-8185-4B01DCF99A31\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Notebook\AppData\Local\Temp\84CCEDE6-BAB0-7891-8185-4B01DCF99A31\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Notebook\AppData\Local\Temp\84CCEDE6-BAB0-7891-8185-4B01DCF99A31\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Notebook\AppData\Local\Temp\84CCEDE6-BAB0-7891-8185-4B01DCF99A31\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Notebook\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Notebook\AppData\Local\Temp\is1275519350\dp.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1f89de6b73d5064084aa5a7d3dba995d
# engine=15715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-01 12:03:46
# local_time=2013-11-01 01:03:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 10024 134894076 0 0
# scanned=262454
# found=9
# cleaned=0
# scan_time=7817
sh=82E6712B7E2BCD3291A4E2776C96874C79590739 ft=1 fh=2a94c3d6301eefdf vn="a variant of Win32/Kryptik.BMIA trojan" ac=I fn="C:\FRST\Quarantine\9jzt727o.plz"
sh=D4DFF355FB830CC1B6F1C72A1D6E97AF91CD891D ft=1 fh=d716849315ce6c6c vn="a variant of Win32/Reveton.W trojan" ac=I fn="C:\FRST\Quarantine\o727tzj9.fki"
sh=F2D2ED1D8D17BF4866DDE8303C56CC7A5ADEFAFE ft=1 fh=b7409d81f1a4c984 vn="Win64/Disabler.A trojan" ac=I fn="C:\FRST\Quarantine\o727tzj9.pzz"
sh=82E6712B7E2BCD3291A4E2776C96874C79590739 ft=1 fh=2a94c3d6301eefdf vn="a variant of Win32/Kryptik.BMIA trojan" ac=I fn="C:\FRST\Quarantine\~tmf5624884265661520678.dll"
sh=7A20A7A5DD9EAED4CC4EB52E8B68778A33F11AE0 ft=1 fh=8370d1c892bdb542 vn="a variant of Win64/Kryptik.DM trojan" ac=I fn="C:\ProgramData\3056\msseedir.dll"
sh=7A20A7A5DD9EAED4CC4EB52E8B68778A33F11AE0 ft=1 fh=8370d1c892bdb542 vn="a variant of Win64/Kryptik.DM trojan" ac=I fn="C:\Users\All Users\3056\msseedir.dll"
sh=393EC0210D594D6E8CB15B724F368B04629515E6 ft=1 fh=dd9fcc09b858bbfb vn="a variant of Win32/TrojanProxy.Agent.NPY trojan" ac=I fn="C:\Users\Notebook\AppData\Local\luzhjoa.dll"
sh=E02CB88A34175E29318903C88E4FC4AF79ADFBCA ft=0 fh=0000000000000000 vn="JS/Agent.NJV trojan" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\STIZPAK0\ww2_hozmail_com[1].htm"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/TrojanDownloader.Mebload.BA trojan" ac=I fn="${Memory}"
         

01.11.2013, 12:15   #14
aharonov
/// TB Trainer

Hello,

oh, it looks like malware is still running..


Step 1

Download SystemLook (by jpshortstuff) and save the tool to the desktop.
  • Double-click SystemLook_x64.exe to start the tool.
    Vista and Win7 users: right-click and "Run as administrator".
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :regfind
    msseedir
    luzhjoa

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results. Post them in your thread.
  • The log file is also saved on the desktop as SystemLook.txt.



Step 2

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
cheers,
Leo
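
The ESET log in post #13 mixes files already moved to C:\FRST\Quarantine with files still live on disk, and the `:regfind` terms in post #14 (msseedir, luzhjoa) are the base names of the live ones. The following is an added example, not part of the thread or of any tool used in it, that makes this triage explicit; the field meanings are inferred from the log lines shown, and limiting search terms to .dll/.exe files is an assumption.

```python
import ntpath
import re

# Detection lines copied from the ESET Online Scanner log posted in this thread.
SAMPLE_LOG = r'''
# scanned=262454
# found=9
sh=D4DFF355FB830CC1B6F1C72A1D6E97AF91CD891D ft=1 fh=d716849315ce6c6c vn="a variant of Win32/Reveton.W trojan" ac=I fn="C:\FRST\Quarantine\o727tzj9.fki"
sh=7A20A7A5DD9EAED4CC4EB52E8B68778A33F11AE0 ft=1 fh=8370d1c892bdb542 vn="a variant of Win64/Kryptik.DM trojan" ac=I fn="C:\ProgramData\3056\msseedir.dll"
sh=7A20A7A5DD9EAED4CC4EB52E8B68778A33F11AE0 ft=1 fh=8370d1c892bdb542 vn="a variant of Win64/Kryptik.DM trojan" ac=I fn="C:\Users\All Users\3056\msseedir.dll"
sh=393EC0210D594D6E8CB15B724F368B04629515E6 ft=1 fh=dd9fcc09b858bbfb vn="a variant of Win32/TrojanProxy.Agent.NPY trojan" ac=I fn="C:\Users\Notebook\AppData\Local\luzhjoa.dll"
sh=E02CB88A34175E29318903C88E4FC4AF79ADFBCA ft=0 fh=0000000000000000 vn="JS/Agent.NJV trojan" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\STIZPAK0\ww2_hozmail_com[1].htm"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/TrojanDownloader.Mebload.BA trojan" ac=I fn="${Memory}"
'''

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"
MODULE_EXTENSIONS = (".dll", ".exe")  # assumption: only modules become search terms


def parse_detection(line):
    """Return the key=value fields of one detection line, or None for other lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None  # header lines ("# found=9") and blanks
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        fields[key] = bare if bare else quoted
    return fields


def classify(path):
    """Where the detected object lives: in memory, in FRST quarantine, or on disk."""
    if path == "${Memory}":
        return "memory"
    if path.lower().startswith(QUARANTINE_PREFIX):
        return "quarantined"
    return "on_disk"


def summarize(log_text):
    """Group detections by SHA-1 so that two paths to one file count once."""
    summary = {}
    for line in log_text.splitlines():
        fields = parse_detection(line)
        if fields is None:
            continue
        entry = summary.setdefault(
            fields["sh"], {"name": fields["vn"], "paths": [], "states": set()}
        )
        entry["paths"].append(fields["fn"])
        entry["states"].add(classify(fields["fn"]))
    return summary


def regfind_terms(log_text):
    """Base names of modules still on disk outside quarantine, in log order."""
    terms = []
    for entry in summarize(log_text).values():
        for path in entry["paths"]:
            stem, ext = ntpath.splitext(ntpath.basename(path))
            if (classify(path) == "on_disk"
                    and ext.lower() in MODULE_EXTENSIONS
                    and stem not in terms):
                terms.append(stem)
    return terms


if __name__ == "__main__":
    for sha1, entry in summarize(SAMPLE_LOG).items():
        print(sorted(entry["states"]), entry["name"], len(entry["paths"]), "path(s)")
    print(":regfind terms:", regfind_terms(SAMPLE_LOG))
```

Grouping by the `sh=` value shows that the two msseedir.dll lines are one file reached through two paths, and the `${Memory}` entry is the one that indicates something is still loaded.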

03.11.2013, 10:55   #15
BSB_12

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 10:43 on 03/11/2013 by Notebook
Administrator - Elevation successful

========== regfind ==========

Searching for "msseedir"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1885}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1888}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1882}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1882}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_USERS\S-1-5-21-300217975-2781022776-3715872198-1000\Software\Classes\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1885}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_USERS\S-1-5-21-300217975-2781022776-3715872198-1000\Software\Classes\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1888}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_USERS\S-1-5-21-300217975-2781022776-3715872198-1000_Classes\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1885}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"
[HKEY_USERS\S-1-5-21-300217975-2781022776-3715872198-1000_Classes\Wow6432Node\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D1888}\InprocServer32]
@="C:\ProgramData\3056\msseedir.dll"

Searching for "luzhjoa"
No data found.

-= EOF =-
         
Code:
10:48:13.0188 0x0f98  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
10:48:19.0053 0x0f98  ============================================================
10:48:19.0053 0x0f98  Current date / time: 2013/11/03 10:48:19.0053
10:48:19.0053 0x0f98  SystemInfo:
10:48:19.0053 0x0f98  
10:48:19.0053 0x0f98  OS Version: 6.1.7601 ServicePack: 1.0
10:48:19.0053 0x0f98  Product type: Workstation
10:48:19.0053 0x0f98  ComputerName: NOTEBOOK-69
10:48:19.0053 0x0f98  UserName: Notebook
10:48:19.0053 0x0f98  Windows directory: C:\Windows
10:48:19.0053 0x0f98  System windows directory: C:\Windows
10:48:19.0053 0x0f98  Running under WOW64
10:48:19.0053 0x0f98  Processor architecture: Intel x64
10:48:19.0053 0x0f98  Number of processors: 2
10:48:19.0053 0x0f98  Page size: 0x1000
10:48:19.0053 0x0f98  Boot type: Normal boot
10:48:19.0053 0x0f98  ============================================================
10:48:22.0531 0x0f98  System UUID: {2E805B7F-74AC-9A43-4E9A-3201DF18EFCC}
10:48:22.0999 0x0f98  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:48:22.0999 0x0f98  ============================================================
10:48:22.0999 0x0f98  \Device\Harddisk0\DR0:
10:48:22.0999 0x0f98  MBR partitions:
10:48:22.0999 0x0f98  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2345F800
10:48:22.0999 0x0f98  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x23460000, BlocksNum 0x1FCE2B0
10:48:22.0999 0x0f98  ============================================================
10:48:23.0046 0x0f98  C: <-> \Device\Harddisk0\DR0\Partition1
10:48:23.0077 0x0f98  D: <-> \Device\Harddisk0\DR0\Partition2
10:48:23.0077 0x0f98  ============================================================
10:48:23.0077 0x0f98  Initialize success
10:48:23.0077 0x0f98  ============================================================
10:48:35.0916 0x0c50  ============================================================
10:48:35.0916 0x0c50  Scan started
10:48:35.0916 0x0c50  Mode: Manual; SigCheck; TDLFS; 
10:48:35.0916 0x0c50  ============================================================
10:48:35.0916 0x0c50  KSN ping started
10:48:40.0050 0x0c50  KSN ping finished: true
10:48:40.0659 0x0c50  ================ Scan system memory ========================
10:48:40.0659 0x0c50  System memory - ok
10:48:40.0659 0x0c50  ================ Scan services =============================
10:48:48.0069 0x0c50  dot3svc - ok
10:48:48.0131 0x0c50  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
10:48:48.0178 0x0c50  dot4 - ok
10:48:48.0225 0x0c50  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
10:48:48.0256 0x0c50  Dot4Print - ok
10:48:48.0287 0x0c50  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
10:48:48.0318 0x0c50  dot4usb - ok
10:48:48.0365 0x0c50  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
10:48:48.0443 0x0c50  DPS - ok
10:48:48.0505 0x0c50  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:48:48.0537 0x0c50  drmkaud - ok
10:48:48.0630 0x0c50  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:48:48.0677 0x0c50  DXGKrnl - ok
10:48:48.0724 0x0c50  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
10:48:48.0739 0x0c50  E1G60 - ok
10:48:48.0771 0x0c50  eamonm - ok
10:48:48.0817 0x0c50  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
10:48:48.0864 0x0c50  EapHost - ok
10:48:49.0020 0x0c50  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
10:48:49.0270 0x0c50  ebdrv - ok
10:48:49.0317 0x0c50  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
10:48:49.0379 0x0c50  EFS - ok
10:48:49.0441 0x0c50  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:48:49.0551 0x0c50  ehRecvr - ok
10:48:49.0566 0x0c50  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
10:48:49.0629 0x0c50  ehSched - ok
10:48:49.0691 0x0c50  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:48:49.0722 0x0c50  elxstor - ok
10:48:49.0753 0x0c50  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:48:49.0769 0x0c50  ErrDev - ok
10:48:49.0831 0x0c50  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
10:48:49.0909 0x0c50  EventSystem - ok
10:48:49.0941 0x0c50  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:48:50.0003 0x0c50  exfat - ok
10:48:50.0019 0x0c50  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:48:50.0081 0x0c50  fastfat - ok
10:48:50.0143 0x0c50  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
10:48:50.0237 0x0c50  Fax - ok
10:48:50.0284 0x0c50  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:48:50.0299 0x0c50  fdc - ok
10:48:50.0331 0x0c50  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
10:48:50.0377 0x0c50  fdPHost - ok
10:48:50.0393 0x0c50  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:48:50.0455 0x0c50  FDResPub - ok
10:48:50.0487 0x0c50  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:48:50.0502 0x0c50  FileInfo - ok
10:48:50.0518 0x0c50  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:48:50.0565 0x0c50  Filetrace - ok
10:48:50.0580 0x0c50  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:48:50.0611 0x0c50  flpydisk - ok
10:48:50.0658 0x0c50  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:48:50.0674 0x0c50  FltMgr - ok
10:48:50.0767 0x0c50  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
10:48:50.0861 0x0c50  FontCache - ok
10:48:50.0923 0x0c50  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:48:50.0939 0x0c50  FontCache3.0.0.0 - ok
10:48:50.0970 0x0c50  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:48:50.0986 0x0c50  FsDepends - ok
10:48:51.0033 0x0c50  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:48:51.0048 0x0c50  Fs_Rec - ok
10:48:51.0126 0x0c50  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:48:51.0157 0x0c50  fvevol - ok
10:48:51.0189 0x0c50  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:48:51.0204 0x0c50  gagp30kx - ok
10:48:51.0267 0x0c50  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:48:51.0360 0x0c50  gpsvc - ok
10:48:51.0469 0x0c50  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:48:51.0485 0x0c50  gupdate - ok
10:48:51.0532 0x0c50  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:48:51.0547 0x0c50  gupdatem - ok
10:48:51.0579 0x0c50  [ FFE2B6DA03F47DB339A538679D2DC600, BA0AEE49E68FA331D9DBD7FD7F8A62E4773EA7B8C54B1AF3231DCFA5DE0B3D9E ] hcw17bda        C:\Windows\system32\drivers\hcw17bda.sys
10:48:51.0625 0x0c50  hcw17bda - ok
10:48:51.0641 0x0c50  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:48:51.0688 0x0c50  hcw85cir - ok
10:48:51.0750 0x0c50  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:48:51.0797 0x0c50  HdAudAddService - ok
10:48:51.0859 0x0c50  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:48:51.0891 0x0c50  HDAudBus - ok
10:48:51.0906 0x0c50  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:48:51.0937 0x0c50  HidBatt - ok
10:48:51.0969 0x0c50  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:48:52.0000 0x0c50  HidBth - ok
10:48:52.0015 0x0c50  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:48:52.0047 0x0c50  HidIr - ok
10:48:52.0078 0x0c50  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
10:48:52.0140 0x0c50  hidserv - ok
10:48:52.0203 0x0c50  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
10:48:52.0218 0x0c50  HidUsb - ok
10:48:52.0265 0x0c50  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:48:52.0327 0x0c50  hkmsvc - ok
10:48:52.0374 0x0c50  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:48:52.0437 0x0c50  HomeGroupListener - ok
10:48:52.0483 0x0c50  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:48:52.0515 0x0c50  HomeGroupProvider - ok
10:48:52.0561 0x0c50  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:48:52.0577 0x0c50  HpSAMD - ok
10:48:52.0639 0x0c50  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:48:52.0733 0x0c50  HTTP - ok
10:48:52.0780 0x0c50  hwdatacard - ok
10:48:52.0827 0x0c50  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:48:52.0842 0x0c50  hwpolicy - ok
10:48:52.0889 0x0c50  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:48:52.0905 0x0c50  i8042prt - ok
10:48:52.0967 0x0c50  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:48:52.0998 0x0c50  iaStorV - ok
10:48:53.0092 0x0c50  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:48:53.0154 0x0c50  idsvc - ok
10:48:53.0201 0x0c50  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:48:53.0217 0x0c50  iirsp - ok
10:48:53.0279 0x0c50  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:48:53.0373 0x0c50  IKEEXT - ok
10:48:53.0497 0x0c50  [ 58A60DF2B6D0D6B09E44CAC7F1D2AB6A, 3110C31C21C38418D42E910C23F2D024B7EF43798E6C6F45ECA464A32EF1B243 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:48:53.0575 0x0c50  IntcAzAudAddService - ok
10:48:53.0607 0x0c50  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:48:53.0622 0x0c50  intelide - ok
10:48:53.0653 0x0c50  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:48:53.0685 0x0c50  intelppm - ok
10:48:53.0716 0x0c50  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:48:53.0778 0x0c50  IPBusEnum - ok
10:48:53.0825 0x0c50  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:48:53.0872 0x0c50  IpFilterDriver - ok
10:48:53.0934 0x0c50  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:48:54.0028 0x0c50  iphlpsvc - ok
10:48:54.0090 0x0c50  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:48:54.0106 0x0c50  IPMIDRV - ok
10:48:54.0153 0x0c50  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:48:54.0199 0x0c50  IPNAT - ok
10:48:54.0231 0x0c50  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:48:54.0309 0x0c50  IRENUM - ok
10:48:54.0340 0x0c50  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:48:54.0355 0x0c50  isapnp - ok
10:48:54.0402 0x0c50  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:48:54.0433 0x0c50  iScsiPrt - ok
10:48:54.0465 0x0c50  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:48:54.0480 0x0c50  kbdclass - ok
10:48:54.0511 0x0c50  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:48:54.0558 0x0c50  kbdhid - ok
10:48:54.0589 0x0c50  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
10:48:54.0605 0x0c50  KeyIso - ok
10:48:54.0636 0x0c50  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:48:54.0667 0x0c50  KSecDD - ok
10:48:54.0714 0x0c50  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:48:54.0730 0x0c50  KSecPkg - ok
10:48:54.0761 0x0c50  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:48:54.0823 0x0c50  ksthunk - ok
10:48:54.0855 0x0c50  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:48:54.0933 0x0c50  KtmRm - ok
10:48:55.0011 0x0c50  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:48:55.0073 0x0c50  LanmanServer - ok
10:48:55.0120 0x0c50  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:48:55.0167 0x0c50  LanmanWorkstation - ok
10:48:55.0213 0x0c50  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:48:55.0276 0x0c50  lltdio - ok
10:48:55.0338 0x0c50  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:48:55.0401 0x0c50  lltdsvc - ok
10:48:55.0432 0x0c50  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:48:55.0479 0x0c50  lmhosts - ok
10:48:55.0510 0x0c50  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:48:55.0525 0x0c50  LSI_FC - ok
10:48:55.0572 0x0c50  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:48:55.0588 0x0c50  LSI_SAS - ok
10:48:55.0603 0x0c50  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:48:55.0619 0x0c50  LSI_SAS2 - ok
10:48:55.0635 0x0c50  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:48:55.0666 0x0c50  LSI_SCSI - ok
10:48:55.0697 0x0c50  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:48:55.0759 0x0c50  luafv - ok
10:48:55.0791 0x0c50  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:48:55.0822 0x0c50  Mcx2Svc - ok
10:48:55.0837 0x0c50  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:48:55.0853 0x0c50  megasas - ok
10:48:55.0884 0x0c50  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:48:55.0900 0x0c50  MegaSR - ok
10:48:56.0009 0x0c50  Microsoft SharePoint Workspace Audit Service - ok
10:48:56.0040 0x0c50  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:48:56.0103 0x0c50  MMCSS - ok
10:48:56.0118 0x0c50  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:48:56.0181 0x0c50  Modem - ok
10:48:56.0212 0x0c50  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:48:56.0243 0x0c50  monitor - ok
10:48:56.0290 0x0c50  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:48:56.0305 0x0c50  mouclass - ok
10:48:56.0305 0x0c50  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:48:56.0337 0x0c50  mouhid - ok
10:48:56.0368 0x0c50  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:48:56.0399 0x0c50  mountmgr - ok
10:48:56.0493 0x0c50  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:48:56.0508 0x0c50  MozillaMaintenance - ok
10:48:56.0539 0x0c50  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:48:56.0555 0x0c50  mpio - ok
10:48:56.0602 0x0c50  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:48:56.0680 0x0c50  mpsdrv - ok
10:48:56.0742 0x0c50  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:48:56.0836 0x0c50  MpsSvc - ok
10:48:56.0883 0x0c50  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:48:56.0929 0x0c50  MRxDAV - ok
10:48:56.0976 0x0c50  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:48:57.0039 0x0c50  mrxsmb - ok
10:48:57.0085 0x0c50  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:48:57.0132 0x0c50  mrxsmb10 - ok
10:48:57.0163 0x0c50  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:48:57.0179 0x0c50  mrxsmb20 - ok
10:48:57.0210 0x0c50  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:48:57.0226 0x0c50  msahci - ok
10:48:57.0257 0x0c50  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:48:57.0273 0x0c50  msdsm - ok
10:48:57.0304 0x0c50  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:48:57.0351 0x0c50  MSDTC - ok
10:48:57.0382 0x0c50  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:48:57.0429 0x0c50  Msfs - ok
10:48:57.0444 0x0c50  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:48:57.0507 0x0c50  mshidkmdf - ok
10:48:57.0538 0x0c50  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:48:57.0553 0x0c50  msisadrv - ok
10:48:57.0585 0x0c50  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:48:57.0647 0x0c50  MSiSCSI - ok
10:48:57.0663 0x0c50  msiserver - ok
10:48:57.0694 0x0c50  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:48:57.0741 0x0c50  MSKSSRV - ok
10:48:57.0756 0x0c50  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:48:57.0803 0x0c50  MSPCLOCK - ok
10:48:57.0819 0x0c50  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:48:57.0881 0x0c50  MSPQM - ok
10:48:57.0928 0x0c50  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:48:57.0975 0x0c50  MsRPC - ok
10:48:57.0990 0x0c50  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:48:58.0006 0x0c50  mssmbios - ok
10:48:58.0021 0x0c50  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:48:58.0084 0x0c50  MSTEE - ok
10:48:58.0099 0x0c50  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:48:58.0115 0x0c50  MTConfig - ok
10:48:58.0131 0x0c50  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:48:58.0146 0x0c50  Mup - ok
10:48:58.0209 0x0c50  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:48:58.0287 0x0c50  napagent - ok
10:48:58.0318 0x0c50  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:48:58.0365 0x0c50  NativeWifiP - ok
10:48:58.0458 0x0c50  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:48:58.0521 0x0c50  NDIS - ok
10:48:58.0552 0x0c50  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:48:58.0599 0x0c50  NdisCap - ok
10:48:58.0630 0x0c50  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:48:58.0677 0x0c50  NdisTapi - ok
10:48:58.0755 0x0c50  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:48:58.0801 0x0c50  Ndisuio - ok
10:48:58.0833 0x0c50  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:48:58.0895 0x0c50  NdisWan - ok
10:48:58.0942 0x0c50  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:48:59.0004 0x0c50  NDProxy - ok
10:48:59.0051 0x0c50  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:48:59.0113 0x0c50  NetBIOS - ok
10:48:59.0176 0x0c50  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:48:59.0223 0x0c50  NetBT - ok
10:48:59.0238 0x0c50  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
10:48:59.0254 0x0c50  Netlogon - ok
10:48:59.0316 0x0c50  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:48:59.0425 0x0c50  Netman - ok
10:48:59.0472 0x0c50  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:48:59.0550 0x0c50  netprofm - ok
10:48:59.0581 0x0c50  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:48:59.0597 0x0c50  NetTcpPortSharing - ok
10:49:10.0267 0x0c50  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\system32\Drivers\sptd.sys
10:49:10.0267 0x0c50  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
10:49:10.0267 0x0c50  sptd - detected LockedFile.Multi.Generic ( 1 )
10:49:13.0200 0x0c50  Detect skipped due to KSN trusted
10:49:13.0200 0x0c50  sptd - ok
10:49:19.0081 0x0c50  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:49:19.0097 0x0c50  vsmraid - ok
10:49:19.0206 0x0c50  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
10:49:19.0331 0x0c50  VSS - ok
10:49:19.0362 0x0c50  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:49:19.0393 0x0c50  vwifibus - ok
10:49:19.0409 0x0c50  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:49:19.0456 0x0c50  vwififlt - ok
10:49:19.0471 0x0c50  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:49:19.0487 0x0c50  vwifimp - ok
10:49:19.0549 0x0c50  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
10:49:19.0627 0x0c50  W32Time - ok
10:49:19.0659 0x0c50  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:49:19.0674 0x0c50  WacomPen - ok
10:49:19.0737 0x0c50  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:49:19.0799 0x0c50  WANARP - ok
10:49:19.0815 0x0c50  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:49:19.0861 0x0c50  Wanarpv6 - ok
10:49:19.0971 0x0c50  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:49:20.0095 0x0c50  wbengine - ok
10:49:20.0158 0x0c50  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:49:20.0189 0x0c50  WbioSrvc - ok
10:49:20.0236 0x0c50  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:49:20.0283 0x0c50  wcncsvc - ok
10:49:20.0298 0x0c50  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:49:20.0345 0x0c50  WcsPlugInService - ok
10:49:20.0376 0x0c50  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:49:20.0392 0x0c50  Wd - ok
10:49:20.0470 0x0c50  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:49:20.0517 0x0c50  Wdf01000 - ok
10:49:20.0548 0x0c50  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:49:20.0641 0x0c50  WdiServiceHost - ok
10:49:20.0641 0x0c50  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:49:20.0673 0x0c50  WdiSystemHost - ok
10:49:20.0719 0x0c50  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
10:49:20.0766 0x0c50  WebClient - ok
10:49:20.0797 0x0c50  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:49:20.0860 0x0c50  Wecsvc - ok
10:49:20.0907 0x0c50  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:49:20.0953 0x0c50  wercplsupport - ok
10:49:21.0016 0x0c50  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:49:21.0078 0x0c50  WerSvc - ok
10:49:21.0125 0x0c50  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:49:21.0172 0x0c50  WfpLwf - ok
10:49:21.0187 0x0c50  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:49:21.0203 0x0c50  WIMMount - ok
10:49:21.0250 0x0c50  WinDefend - ok
10:49:21.0265 0x0c50  WinHttpAutoProxySvc - ok
10:49:21.0328 0x0c50  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:49:21.0375 0x0c50  Winmgmt - ok
10:49:21.0499 0x0c50  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:49:21.0671 0x0c50  WinRM - ok
10:49:21.0765 0x0c50  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:49:21.0796 0x0c50  WinUsb - ok
10:49:21.0858 0x0c50  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:49:21.0952 0x0c50  Wlansvc - ok
10:49:21.0983 0x0c50  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:49:21.0999 0x0c50  WmiAcpi - ok
10:49:22.0045 0x0c50  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:49:22.0077 0x0c50  wmiApSrv - ok
10:49:22.0123 0x0c50  WMPNetworkSvc - ok
10:49:22.0155 0x0c50  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:49:22.0170 0x0c50  WPCSvc - ok
10:49:22.0217 0x0c50  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:49:22.0233 0x0c50  WPDBusEnum - ok
10:49:22.0264 0x0c50  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:49:22.0326 0x0c50  ws2ifsl - ok
10:49:22.0342 0x0c50  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
10:49:22.0389 0x0c50  wscsvc - ok
10:49:22.0389 0x0c50  WSearch - ok
10:49:22.0529 0x0c50  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:49:22.0654 0x0c50  wuauserv - ok
10:49:22.0669 0x0c50  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:49:22.0716 0x0c50  WudfPf - ok
10:49:22.0779 0x0c50  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:49:22.0825 0x0c50  WUDFRd - ok
10:49:22.0872 0x0c50  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:49:22.0919 0x0c50  wudfsvc - ok
10:49:22.0950 0x0c50  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:49:22.0997 0x0c50  WwanSvc - ok
10:49:23.0044 0x0c50  ================ Scan global ===============================
10:49:23.0075 0x0c50  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:49:23.0122 0x0c50  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:49:23.0153 0x0c50  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:49:23.0169 0x0c50  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:49:23.0215 0x0c50  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:49:23.0231 0x0c50  [ Global ] - ok
10:49:23.0247 0x0c50  ================ Scan MBR ==================================
10:49:23.0262 0x0c50  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:49:23.0496 0x0c50  \Device\Harddisk0\DR0 - ok
10:49:23.0496 0x0c50  ================ Scan VBR ==================================
10:49:23.0496 0x0c50  [ 307F4A04F2578AFC4BEC6BEB090D90B9 ] \Device\Harddisk0\DR0\Partition1
10:49:23.0496 0x0c50  \Device\Harddisk0\DR0\Partition1 - ok
10:49:23.0512 0x0c50  [ 163AD2F60A64FD02193F8615A4407D40 ] \Device\Harddisk0\DR0\Partition2
10:49:23.0512 0x0c50  \Device\Harddisk0\DR0\Partition2 - ok
10:49:23.0512 0x0c50  Waiting for KSN requests completion. In queue: 102
10:49:24.0526 0x0c50  Waiting for KSN requests completion. In queue: 102
10:49:25.0540 0x0c50  Waiting for KSN requests completion. In queue: 102
10:49:26.0554 0x0c50  Waiting for KSN requests completion. In queue: 102
10:49:27.0568 0x0c50  Waiting for KSN requests completion. In queue: 102
10:49:28.0629 0x0c50  Win FW state via NFP2: enabled
10:49:31.0639 0x0c50  ============================================================
10:49:31.0639 0x0c50  Scan finished
10:49:31.0639 0x0c50  ============================================================
10:49:31.0639 0x0f54  Detected object count: 0
10:49:31.0639 0x0f54  Actual detected object count: 0
10:49:41.0187 0x0e8c  Deinitialize success
         
