
Log analysis and evaluation: After Avira update: Win 7 - BOO/TDss.O was found in the master boot sector


27.12.2013, 12:07   #1
Durkadenz
 

Good morning, everyone.

Last night, after many failed attempts, I finally managed to update Avira. Before that it always aborted, since I only have a mobile broadband stick. Because of that, I suspect the virus may have been on the system for some time.
Since the update, all I get is the security notice that the software BOO/TDss.O was found in the master boot sector of C or E (both have come up). Apart from that, I have not noticed any symptoms so far. As far as I can tell, everything seems to be running as it should. However, it then occurred to me that over roughly the last 6-8 weeks I had problems starting the computer several times; that is, it only started after several attempts and always got stuck at the mainboard's startup screen.

One more thing up front: I cannot use the editor. I can type, but I cannot insert any formatting or code tags, as is actually requested. On another site where I had a similar problem, I was told that this is due to the mobile broadband stick, which changes something. So I apologize. The problem also occurs in every browser.

As described in the thread "For everyone seeking help! What do I need to consider before opening a topic?", I have put together some log files:


Events from Avira:

Exportierte Ereignisse:

27.12.2013 11:13 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'D:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 11:13 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 11:13 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'E:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 11:13 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 11:13 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 11:13 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:15 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:15 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:15 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:15 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'E:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:15 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:15 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'D:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:00 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'D:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:00 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:00 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'E:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:00 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:00 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 10:00 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 04:09 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 04:09 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 04:09 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 04:09 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'E:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 04:09 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Masterbootsektor von Laufwerk 'Masterbootsektor HD0' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern

27.12.2013 04:09 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'D:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern






Defogger did not create a log file for me.



FRST outputs the following:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-12-2013
Ran by Christian (administrator) on SERENITY on 27-12-2013 10:29:18
Running from C:\Users\Christian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Felix 'SniperBeamer' Geyer) C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(TODO: <Company name>) C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Monitor] - C:\Windows\PixArt\Pac207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-15] (Power Software Ltd)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [334 2012-05-15] ()
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VIAJDS] - C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe [458752 2009-12-08] (TODO: <Company name>)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-19] (Google Inc.)
HKCU\...\Run: [LightShot] - C:\Users\Christian\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: I - I:\AutoRun.exe
MountPoints2: P - P:\AutoRun.exe
MountPoints2: {00c06d96-0ffd-11e3-9047-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {00c06da7-0ffd-11e3-9047-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {7b0b37b1-8044-11e2-b239-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {7b0b37c1-8044-11e2-b239-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {7b0b37d0-8044-11e2-b239-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {b9af0a03-a139-11e2-bd8f-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {b9af0a18-a139-11e2-bd8f-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {b9af0a30-a139-11e2-bd8f-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {c090c0e4-19ea-11e3-837e-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a3563-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a3580-a1ff-11e2-8443-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {d87a359f-a1ff-11e2-8443-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {d87a35b2-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a35c1-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a35d1-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {f9481e39-77a8-11e2-854d-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {f9481e5f-77a8-11e2-854d-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {fe8e0010-72b2-11e2-bcb8-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {fe8e0020-72b2-11e2-bcb8-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {fe8e0054-72b2-11e2-bcb8-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {fe8e0063-72b2-11e2-bcb8-0026189bbce8} - G:\AutoRun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll [2202728 2012-12-25] ()
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=HP_ss&mntrId=663b62ae0000000000000026189bbce8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F90FCAF7AE9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=HP_ss&mntrId=663b62ae0000000000000026189bbce8
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=0113_3&babsrc=SP_ss&mntrId=663b62ae0000000000000026189bbce8
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {F61253DD-9A2B-4E20-BA6F-E85A70E25BA7} URL = hxxp://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
SearchScopes: HKCU - ëç÷Þb—ÍZÛ²Ì,¾¾wD>Aà[mW[¯¼¡>Õ§ŒÑèßOf”ÓI¶åD‹È@]Èjim- s»™’ URL =
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\..\Interfaces\{317A8E88-9FE3-420B-962A-9E9437D84357}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C14D50A9-426C-41F4-A4AC-2736913AD760}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default
FF user.js: detected! => C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=NT_ss&mntrId=663b62ae0000000000000026189bbce8
FF Homepage: https://www.google.de/
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120212-0402 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Super Start - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\superstart@enjoyfreeware.org
FF Extension: EPUBReader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: Ghostery - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Spamavert.com - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{8e9008b4-ec7c-4c2a-828e-007d5d2dad22}.xpi
FF Extension: ImTranslator - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=HP_ss&mntrId=663b62ae0000000000000026189bbce8
CHR RestoreOnStartup: "hxxp://www.google.de/webhp?source=search_app"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=0113_3&babsrc=SP_ss&mntrId=663b62ae0000000000000026189bbce8
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (Google Update) - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search Assistant ) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn\2.0.0
CHR Extension: (K-ON!) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijlppfhlfgamaofmpafjpibhdmmcbde\3_0
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: () - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Christian\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-27] (Avira Operations GmbH & Co. KG)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2547816 2012-12-25] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-06] (Pandora.TV)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-27] (Avira Operations GmbH & Co. KG)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BEHRINGER_2902; C:\Windows\SysWow64\Drivers\BUSB2902.sys [340480 2007-11-06] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-31] (DT Soft Ltd)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-08-28] (Huawei Technologies Co., Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 10:29 - 2013-12-27 10:29 - 00028939 _____ C:\Users\Christian\Downloads\FRST.txt
2013-12-27 10:29 - 2013-12-27 10:29 - 00000000 ____D C:\FRST
2013-12-27 10:20 - 2013-12-27 10:28 - 01928716 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-12-27 10:13 - 2013-12-27 10:13 - 00000660 _____ C:\Users\Christian\Downloads\defogger_disable.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000188 _____ C:\Users\Christian\defogger_reenable
2013-12-27 10:12 - 2013-12-27 10:12 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2013-12-27 04:16 - 2013-12-27 04:16 - 00003056 _____ C:\Users\Christian\Desktop\Ereignisse.txt
2013-12-26 22:24 - 2013-12-26 22:24 - 00037348 _____ C:\Users\Christian\Downloads\colors_of_autumn.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00095742 _____ C:\Users\Christian\Downloads\lovely_excuse.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00019571 _____ C:\Users\Christian\Downloads\the_quick.zip
2013-12-26 22:20 - 2013-12-26 22:20 - 00032855 _____ C:\Users\Christian\Downloads\the_blue_oasis.zip
2013-12-26 22:09 - 2013-12-26 22:12 - 00110523 _____ C:\Users\Christian\Downloads\vtks_inked.zip
2013-12-26 22:08 - 2013-12-26 22:11 - 00429375 _____ C:\Users\Christian\Downloads\basterds.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00050419 _____ C:\Users\Christian\Downloads\from_where_you_are.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00025583 _____ C:\Users\Christian\Downloads\beginning_yoga.zip
2013-12-26 22:07 - 2013-12-26 22:08 - 00025090 _____ C:\Users\Christian\Downloads\lasting_love.zip
2013-12-26 22:06 - 2013-12-26 22:07 - 00122938 _____ C:\Users\Christian\Downloads\praying_angel.zip
2013-12-26 22:06 - 2013-12-26 22:07 - 00120623 _____ C:\Users\Christian\Downloads\a_brush_no.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00047131 _____ C:\Users\Christian\Downloads\leap_of_faith.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00014544 _____ C:\Users\Christian\Downloads\beginning_of_summer.zip
2013-12-26 22:05 - 2013-12-26 22:05 - 00018277 _____ C:\Users\Christian\Downloads\da_streets.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00094223 _____ C:\Users\Christian\Downloads\skinny_jeans.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00058703 _____ C:\Users\Christian\Downloads\nkotb_fever.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00047466 _____ C:\Users\Christian\Downloads\manga_temple.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00041602 _____ C:\Users\Christian\Downloads\international_playboy.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00035947 _____ C:\Users\Christian\Downloads\creator_credits.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00048371 _____ C:\Users\Christian\Downloads\blowhole.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00044382 _____ C:\Users\Christian\Downloads\zud_juice.zip
2013-12-26 21:32 - 2013-12-26 21:34 - 00255162 _____ C:\Users\Christian\Downloads\fish_fingers.zip
2013-12-26 21:32 - 2013-12-26 21:34 - 00142667 _____ C:\Users\Christian\Downloads\minya_nouvelle.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00089325 _____ C:\Users\Christian\Downloads\mandroid.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00026950 _____ C:\Users\Christian\Downloads\eight_years_later.zip
2013-12-26 21:27 - 2013-12-26 21:28 - 00045280 _____ C:\Users\Christian\Downloads\candy_stripe.zip
2013-12-26 21:24 - 2013-12-26 21:28 - 00285121 _____ C:\Users\Christian\Downloads\childs_play.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00040598 _____ C:\Users\Christian\Downloads\brown_bear_funk.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00023739 _____ C:\Users\Christian\Downloads\bottle_rocket.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00025439 _____ C:\Users\Christian\Downloads\blam_blam.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00022391 _____ C:\Users\Christian\Downloads\black_boys_on_mopeds.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00094590 _____ C:\Users\Christian\Downloads\acme_secret_agent.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00055656 _____ C:\Users\Christian\Downloads\anime_ace.zip
2013-12-26 21:20 - 2013-12-26 21:21 - 00073281 _____ C:\Users\Christian\Downloads\achilles.zip
2013-12-23 09:58 - 2013-12-23 16:08 - 106512568 _____ C:\Windows\SysWOW64\藽嬴–
2013-12-23 09:54 - 2013-12-23 10:12 - 00001822 _____ C:\Users\Christian\Desktop\Beschreibungen_aS.txt
2013-12-22 23:49 - 2013-12-22 23:49 - 00000000 ____D C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious]
2013-12-22 23:43 - 2013-12-22 23:49 - 03506155 _____ C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious].zip
2013-12-22 10:48 - 2013-12-22 10:50 - 00000000 ____D C:\Users\Christian\Desktop\Bilder_aS_Profil
2013-12-18 03:59 - 2013-12-18 03:59 - 00181083 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_04Uhr00_Final_v2.xlsm
2013-12-18 03:38 - 2013-12-18 03:54 - 00181073 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_03Uhr30_v2.xlsm
2013-12-18 03:13 - 2013-12-18 03:13 - 00004172 _____ C:\Users\Christian\Desktop\Wenn_DANN_Formeln.txt
2013-12-18 02:25 - 2013-12-18 03:03 - 00186431 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr30_v2.xlsm
2013-12-18 02:11 - 2013-12-18 02:18 - 00184676 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00_v2.xlsm
2013-12-18 02:04 - 2013-12-18 02:04 - 00183765 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00.xlsm
2013-12-18 01:27 - 2013-12-18 01:44 - 00187441 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr30.xlsm
2013-12-18 00:58 - 2013-12-18 00:58 - 00183247 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr00.xlsm
2013-12-18 00:28 - 2013-12-18 00:28 - 00182185 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr30.xlsm
2013-12-18 00:01 - 2013-12-18 00:20 - 00181437 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr00.xlsm
2013-12-17 22:33 - 2013-12-17 22:33 - 00000000 _____ C:\Users\Christian\Desktop\Neues Textdokument.txt
2013-12-17 21:16 - 2013-12-17 23:51 - 00180663 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_21Uhr15.xlsm
2013-12-17 20:57 - 2013-12-17 21:03 - 00184068 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU.xlsm
2013-12-16 20:10 - 2013-12-16 20:10 - 00024012 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest.xlsm
2013-12-16 20:08 - 2013-12-16 17:20 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF_2.xlsm
2013-12-16 20:08 - 2013-12-16 17:20 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF.xlsm
2013-12-15 19:06 - 2013-12-15 19:06 - 00014918 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest-2.xlsm
2013-12-14 13:35 - 2013-12-14 13:35 - 00068096 _____ C:\Users\Christian\Desktop\Kopie von BeispielUserForms.xls
2013-12-11 19:29 - 2012-08-09 11:40 - 00031232 _____ C:\Users\Christian\Desktop\test.xls
2013-12-09 21:21 - 2013-12-09 21:23 - 00780800 _____ C:\Users\Christian\Downloads\2007-2010_windows_7_vor_update.zip
2013-12-08 15:42 - 2013-12-08 15:48 - 01616864 _____ C:\Users\Christian\Downloads\[Payapaya]_Yurika_no_Campus_Life_Chapter_1.zip
2013-12-05 22:18 - 2013-12-05 22:24 - 03542704 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba](1).zip
2013-12-05 22:14 - 2013-12-05 22:18 - 02275256 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2013-12-05 08:59 - 2013-12-10 16:28 - 00000000 ____D C:\Users\Christian\Desktop\rivat
2013-12-03 21:16 - 2013-12-26 18:29 - 00000000 ____D C:\Users\Christian\Desktop\dj
2013-12-01 10:59 - 2013-12-08 21:36 - 00317339 _____ C:\Users\Christian\Desktop\Mangaliste_2.xlsm
2013-11-30 11:31 - 2013-11-30 11:30 - 02235763 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v02_the_sighs_of_suzumiya_haruhi_n.epub
2013-11-30 11:21 - 2013-11-30 11:19 - 02243783 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v01_the_melancholy_of_suzumiya_har.epub

==================== One Month Modified Files and Folders =======

2013-12-27 10:29 - 2013-12-27 10:29 - 00028939 _____ C:\Users\Christian\Downloads\FRST.txt
2013-12-27 10:29 - 2013-12-27 10:29 - 00000000 ____D C:\FRST
2013-12-27 10:28 - 2013-12-27 10:20 - 01928716 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-12-27 10:23 - 2012-02-17 16:18 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Winamp
2013-12-27 10:22 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-27 10:22 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-27 10:21 - 2009-07-14 18:58 - 01266994 _____ C:\Windows\system32\perfh007.dat
2013-12-27 10:21 - 2009-07-14 18:58 - 00663980 _____ C:\Windows\system32\perfc007.dat
2013-12-27 10:21 - 2009-07-14 06:13 - 00006666 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-27 10:18 - 2012-02-12 11:50 - 01513673 _____ C:\Windows\WindowsUpdate.log
2013-12-27 10:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-27 10:15 - 2009-07-14 05:51 - 13994639 _____ C:\Windows\setupact.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000660 _____ C:\Users\Christian\Downloads\defogger_disable.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000188 _____ C:\Users\Christian\defogger_reenable
2013-12-27 10:13 - 2012-02-12 11:55 - 00000000 ____D C:\Users\Christian
2013-12-27 10:12 - 2013-12-27 10:12 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2013-12-27 04:16 - 2013-12-27 04:16 - 00003056 _____ C:\Users\Christian\Desktop\Ereignisse.txt
2013-12-27 03:53 - 2012-02-19 23:39 - 00000396 _____ C:\Windows\Tasks\update-S-1-5-21-794549961-1181347935-302815916-1001.job
2013-12-27 03:45 - 2012-03-31 15:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-27 03:42 - 2012-02-19 22:17 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA.job
2013-12-27 03:16 - 2012-02-19 23:39 - 00000396 _____ C:\Windows\Tasks\update-sys.job
2013-12-27 01:57 - 2013-06-28 21:12 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-26 22:24 - 2013-12-26 22:24 - 00037348 _____ C:\Users\Christian\Downloads\colors_of_autumn.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00095742 _____ C:\Users\Christian\Downloads\lovely_excuse.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00019571 _____ C:\Users\Christian\Downloads\the_quick.zip
2013-12-26 22:20 - 2013-12-26 22:20 - 00032855 _____ C:\Users\Christian\Downloads\the_blue_oasis.zip
2013-12-26 22:12 - 2013-12-26 22:09 - 00110523 _____ C:\Users\Christian\Downloads\vtks_inked.zip
2013-12-26 22:11 - 2013-12-26 22:08 - 00429375 _____ C:\Users\Christian\Downloads\basterds.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00050419 _____ C:\Users\Christian\Downloads\from_where_you_are.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00025583 _____ C:\Users\Christian\Downloads\beginning_yoga.zip
2013-12-26 22:08 - 2013-12-26 22:07 - 00025090 _____ C:\Users\Christian\Downloads\lasting_love.zip
2013-12-26 22:07 - 2013-12-26 22:06 - 00122938 _____ C:\Users\Christian\Downloads\praying_angel.zip
2013-12-26 22:07 - 2013-12-26 22:06 - 00120623 _____ C:\Users\Christian\Downloads\a_brush_no.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00047131 _____ C:\Users\Christian\Downloads\leap_of_faith.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00014544 _____ C:\Users\Christian\Downloads\beginning_of_summer.zip
2013-12-26 22:05 - 2013-12-26 22:05 - 00018277 _____ C:\Users\Christian\Downloads\da_streets.zip
2013-12-26 21:42 - 2012-02-19 22:17 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core.job
2013-12-26 21:35 - 2013-12-26 21:35 - 00094223 _____ C:\Users\Christian\Downloads\skinny_jeans.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00058703 _____ C:\Users\Christian\Downloads\nkotb_fever.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00047466 _____ C:\Users\Christian\Downloads\manga_temple.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00041602 _____ C:\Users\Christian\Downloads\international_playboy.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00035947 _____ C:\Users\Christian\Downloads\creator_credits.zip
2013-12-26 21:34 - 2013-12-26 21:32 - 00255162 _____ C:\Users\Christian\Downloads\fish_fingers.zip
2013-12-26 21:34 - 2013-12-26 21:32 - 00142667 _____ C:\Users\Christian\Downloads\minya_nouvelle.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00048371 _____ C:\Users\Christian\Downloads\blowhole.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00044382 _____ C:\Users\Christian\Downloads\zud_juice.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00089325 _____ C:\Users\Christian\Downloads\mandroid.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00026950 _____ C:\Users\Christian\Downloads\eight_years_later.zip
2013-12-26 21:28 - 2013-12-26 21:27 - 00045280 _____ C:\Users\Christian\Downloads\candy_stripe.zip
2013-12-26 21:28 - 2013-12-26 21:24 - 00285121 _____ C:\Users\Christian\Downloads\childs_play.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00040598 _____ C:\Users\Christian\Downloads\brown_bear_funk.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00023739 _____ C:\Users\Christian\Downloads\bottle_rocket.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00025439 _____ C:\Users\Christian\Downloads\blam_blam.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00022391 _____ C:\Users\Christian\Downloads\black_boys_on_mopeds.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00094590 _____ C:\Users\Christian\Downloads\acme_secret_agent.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00055656 _____ C:\Users\Christian\Downloads\anime_ace.zip
2013-12-26 21:21 - 2013-12-26 21:20 - 00073281 _____ C:\Users\Christian\Downloads\achilles.zip
2013-12-26 18:29 - 2013-12-03 21:16 - 00000000 ____D C:\Users\Christian\Desktop\dj
2013-12-24 00:04 - 2012-05-20 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-23 16:08 - 2013-12-23 09:58 - 106512568 _____ C:\Windows\SysWOW64\藽嬴–
2013-12-23 10:12 - 2013-12-23 09:54 - 00001822 _____ C:\Users\Christian\Desktop\Beschreibungen_aS.txt
2013-12-23 09:40 - 2012-12-07 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 23:49 - 2013-12-22 23:49 - 00000000 ____D C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious]
2013-12-22 23:49 - 2013-12-22 23:43 - 03506155 _____ C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious].zip
2013-12-22 10:50 - 2013-12-22 10:48 - 00000000 ____D C:\Users\Christian\Desktop\Bilder_aS_Profil
2013-12-20 11:30 - 2012-02-19 13:28 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-12-19 20:13 - 2012-04-07 09:08 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Nitro PDF
2013-12-19 15:51 - 2012-08-19 15:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-12-19 15:05 - 2013-08-08 15:08 - 00000000 ____D C:\Users\Christian\AppData\Roaming\KeePass
2013-12-18 03:59 - 2013-12-18 03:59 - 00181083 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_04Uhr00_Final_v2.xlsm
2013-12-18 03:54 - 2013-12-18 03:38 - 00181073 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_03Uhr30_v2.xlsm
2013-12-18 03:13 - 2013-12-18 03:13 - 00004172 _____ C:\Users\Christian\Desktop\Wenn_DANN_Formeln.txt
2013-12-18 03:03 - 2013-12-18 02:25 - 00186431 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr30_v2.xlsm
2013-12-18 02:18 - 2013-12-18 02:11 - 00184676 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00_v2.xlsm
2013-12-18 02:04 - 2013-12-18 02:04 - 00183765 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00.xlsm
2013-12-18 01:44 - 2013-12-18 01:27 - 00187441 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr30.xlsm
2013-12-18 00:58 - 2013-12-18 00:58 - 00183247 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr00.xlsm
2013-12-18 00:28 - 2013-12-18 00:28 - 00182185 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr30.xlsm
2013-12-18 00:20 - 2013-12-18 00:01 - 00181437 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr00.xlsm
2013-12-17 23:51 - 2013-12-17 21:16 - 00180663 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_21Uhr15.xlsm
2013-12-17 22:33 - 2013-12-17 22:33 - 00000000 _____ C:\Users\Christian\Desktop\Neues Textdokument.txt
2013-12-17 21:03 - 2013-12-17 20:57 - 00184068 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU.xlsm
2013-12-16 20:10 - 2013-12-16 20:10 - 00024012 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest.xlsm
2013-12-16 17:20 - 2013-12-16 20:08 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF_2.xlsm
2013-12-16 17:20 - 2013-12-16 20:08 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF.xlsm
2013-12-15 19:06 - 2013-12-15 19:06 - 00014918 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest-2.xlsm
2013-12-14 13:35 - 2013-12-14 13:35 - 00068096 _____ C:\Users\Christian\Desktop\Kopie von BeispielUserForms.xls
2013-12-11 20:27 - 2012-10-23 09:41 - 00000000 ____D C:\Users\Christian\Documents\Calibre Bibliothek
2013-12-10 16:28 - 2013-12-05 08:59 - 00000000 ____D C:\Users\Christian\Desktop\rivat
2013-12-09 21:23 - 2013-12-09 21:21 - 00780800 _____ C:\Users\Christian\Downloads\2007-2010_windows_7_vor_update.zip
2013-12-08 21:36 - 2013-12-01 10:59 - 00317339 _____ C:\Users\Christian\Desktop\Mangaliste_2.xlsm
2013-12-08 15:48 - 2013-12-08 15:42 - 01616864 _____ C:\Users\Christian\Downloads\[Payapaya]_Yurika_no_Campus_Life_Chapter_1.zip
2013-12-05 22:24 - 2013-12-05 22:18 - 03542704 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba](1).zip
2013-12-05 22:18 - 2013-12-05 22:14 - 02275256 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2013-12-03 21:37 - 2012-02-19 22:17 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA
2013-12-03 21:37 - 2012-02-19 22:17 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core
2013-11-30 11:30 - 2013-11-30 11:31 - 02235763 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v02_the_sighs_of_suzumiya_haruhi_n.epub
2013-11-30 11:19 - 2013-11-30 11:21 - 02243783 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v01_the_melancholy_of_suzumiya_har.epub

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Christian\AppData\Local\Temp\AskSLib.dll
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\binkw32.dll
C:\Users\Christian\AppData\Local\Temp\d2l_Install.exe
C:\Users\Christian\AppData\Local\Temp\DTLite4454-0315.exe
C:\Users\Christian\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Christian\AppData\Local\Temp\installerdll28338860.dll
C:\Users\Christian\AppData\Local\Temp\jna4221618882833569241.dll
C:\Users\Christian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.109.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\Christian\AppData\Local\Temp\ose00000.exe
C:\Users\Christian\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\Christian\AppData\Local\Temp\pyl3DB.tmp.exe
C:\Users\Christian\AppData\Local\Temp\RESTART.exe
C:\Users\Christian\AppData\Local\Temp\set0000.exe
C:\Users\Christian\AppData\Local\Temp\set0001.exe
C:\Users\Christian\AppData\Local\Temp\set0002.exe
C:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christian\AppData\Local\Temp\sonarinst.exe
C:\Users\Christian\AppData\Local\Temp\tmp2338.exe
C:\Users\Christian\AppData\Local\Temp\tmp5C42.exe
C:\Users\Christian\AppData\Local\Temp\tmp5CCF.exe
C:\Users\Christian\AppData\Local\Temp\tmp6834.exe
C:\Users\Christian\AppData\Local\Temp\tmp8880.exe
C:\Users\Christian\AppData\Local\Temp\tmpA997.exe
C:\Users\Christian\AppData\Local\Temp\tmpD95D.exe
C:\Users\Christian\AppData\Local\Temp\tmpDDE0.exe
C:\Users\Christian\AppData\Local\Temp\tmpE168.exe
C:\Users\Christian\AppData\Local\Temp\tmpE8E7.exe
C:\Users\Christian\AppData\Local\Temp\tmpFC78.exe
C:\Users\Christian\AppData\Local\Temp\ydetect.exe
C:\Users\Christian\AppData\Local\Temp\_isACF3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 00:39

==================== End Of Log ============================








And here is the Addition log that goes with it:


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2013
Ran by Christian at 2013-12-27 10:33:51
Running from C:\Users\Christian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.8) - Deutsch (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634)
Amazon Kindle (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0704.122.388)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
AMD Steady Video Plug-In (Version: 2.04.0000)
AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388)
Application Profiles (x32 Version: 2.0.4441.36343)
ASIO4ALL (x32 Version: 2.10)
Audacity 1.2.6 (x32)
Avira Free Antivirus (x32 Version: 14.0.2.286)
Babylon Chrome Toolbar (x32 Version: 2.0.0.7) <==== ATTENTION
Babylon toolbar (x32 Version: 1.8.7.2) <==== ATTENTION
Barcode Vectorizer 1.4 (x32)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.1.2)
BEHRINGER USB AUDIO DRIVER
BEHRINGER USB AUDIO DRIVER (x32)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7055 (x32 Version: 1.0.7.0)
BrowserProtect (x32) <==== ATTENTION
calibre (x32 Version: 0.9.3)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388)
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388)
CCC Help Czech (x32 Version: 2012.0704.0121.388)
CCC Help Danish (x32 Version: 2012.0704.0121.388)
CCC Help Dutch (x32 Version: 2012.0704.0121.388)
CCC Help English (x32 Version: 2012.0704.0121.388)
CCC Help Finnish (x32 Version: 2012.0704.0121.388)
CCC Help French (x32 Version: 2012.0704.0121.388)
CCC Help German (x32 Version: 2012.0704.0121.388)
CCC Help Greek (x32 Version: 2012.0704.0121.388)
CCC Help Hungarian (x32 Version: 2012.0704.0121.388)
CCC Help Italian (x32 Version: 2012.0704.0121.388)
CCC Help Japanese (x32 Version: 2012.0704.0121.388)
CCC Help Korean (x32 Version: 2012.0704.0121.388)
CCC Help Norwegian (x32 Version: 2012.0704.0121.388)
CCC Help Polish (x32 Version: 2012.0704.0121.388)
CCC Help Portuguese (x32 Version: 2012.0704.0121.388)
CCC Help Russian (x32 Version: 2012.0704.0121.388)
CCC Help Spanish (x32 Version: 2012.0704.0121.388)
CCC Help Swedish (x32 Version: 2012.0704.0121.388)
CCC Help Thai (x32 Version: 2012.0704.0121.388)
CCC Help Turkish (x32 Version: 2012.0704.0121.388)
ccc-utility64 (Version: 2012.0704.122.388)
CDBurnerXP (x32 Version: 4.4.0.2905)
DAEMON Tools Lite (x32 Version: 4.45.4.0315)
Daum PotPlayer 1.5.34665 (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
eMedia (x32 Version: 1.0.6.4)
ESN Sonar (x32 Version: 0.70.4)
Fate/hollow ataraxia (x32 Version: 1.00)
File Splitter and Joiner (FFSJ v3.3) (x32)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
foobar2000 v1.1.11 (x32 Version: 1.1.11)
FormatFactory 2.90 (x32 Version: 2.90)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
FreeCommander 2009.02b (x32 Version: 2009.02)
FreePDF (Remove only) (x32)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (HKCU Version: 31.0.1650.63)
Google Translator (HKCU)
GPL Ghostscript (Version: 9.04)
Hama Webcam Suite (x32 Version: 1.0.5.5)
IconPackager (x32 Version: 5.00)
IconPackager (x32)
ImgBurn (x32 Version: 2.5.7.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30)
Java(TM) SE Development Kit 7 Update 3 (64-bit) (Version: 1.7.0.30)
JavaFX 2.0.3 (64-bit) (Version: 2.0.3)
JavaFX 2.0.3 SDK (64-bit) (Version: 2.0.3)
Joe (x32 Version: 3.08.0100)
KeePass Password Safe 2.23 (x32)
KRISTAL Audio Engine (x32)
LibreOffice 3.5 (x32 Version: 3.5.0.13)
MagicDisc 2.7.106 (x32)
Malwarebytes Anti-Malware Version 1.60.1.1000 (x32 Version: 1.60.1.1000)
Media Player Classic - Home Cinema 1.6.0.4014 x64 (Version: 1.6.0.4014)
mediAvatar PDF to EPUB Converter (x32 Version: 1.0.1.0701)
Melty Blood: Act Cadenza Trial English v1.2 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Mathematics (64-bit) (Version: 4.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.30319)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.30319)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visio Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.40303)
Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Mobile Partner (x32 Version: 21.005.15.02.35)
MovieDownloader (x32 Version: 2.1 Build 26473)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
Mozilla Thunderbird 17.0.2 (x86 de) (x32 Version: 17.0.2)
MP4 To MP3 Converter V3.0 (x32)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MusicBrainz Picard (x32 Version: 1.1)
Native Instruments Controller Editor (Version: 1.3.5.667)
Native Instruments Controller Editor (x32)
Native Instruments Guitar Rig 5 (Version: 5.0.1.2447)
Native Instruments Guitar Rig 5 (x32)
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Guitar Rig Session I/O (x32)
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625)
Native Instruments Rig Kontrol 3 (x32)
Native Instruments Service Center (Version: 2.2.6.676)
Native Instruments Service Center (x32)
Nitro PDF Professional (Version: 6.2.3.6)
Nitro Reader 3 (Version: 3.1.1.3)
Nuance PaperPort 12 (x32 Version: 12.1.0000)
Opera 12.11 (x32 Version: 12.11.1661)
Origin (x32 Version: 8.5.0.4554)
osu! (x32 Version: 0.0.0.0)
PakkISO 0.4 (x32 Version: PakkISO 0.4 by zorted, installer by BitLooter)
Pandora Service (x32)
PaperPort Image Printer 64-bit (Version: 1.00.0001)
PCSX2 - Playstation 2 Emulator (x32)
PDFCreator (x32 Version: 1.5.1)
pdfsam (x32 Version: 2.2.1)
PDF-Viewer (Version: 2.0.41.5)
PDF-XChange Shell Extentions (Version: 2.0.41.5)
PhotoFiltre 7 (HKCU)
Platform (x32 Version: 1.34)
PowerISO (x32 Version: 4.9)
Project64 1.6 (x32 Version: 1.6)
PunkBuster Services (x32 Version: 0.991)
Rainmeter (x32 Version: 2.2 r1116)
Recorder (x32 Version: 7.0.0)
RedMon - Redirection Port Monitor
Samplitude Music Studio MX Download-Version (x32 Version: 18.0.0.43)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Shutter (x32 Version: 2.90)
Skype™ 6.0 (x32 Version: 6.0.126)
SopCast 3.5.0 (x32 Version: 3.5.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SUPER ゥ v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (x32 Version: v2012.build.54)
swMSM (x32 Version: 12.0.0.1)
TeraCopy 2.27
The KMPlayer (remove only) (x32)
Thunderbird-Tray (x32 Version: 1.2)
Total Commander (Remove or Repair) (x32 Version: 7.57a)
TuxGuitar (x32 Version: 1.2)
Ubuntu (x32 Version: 11.10-rev241)
UltraMon (Version: 3.1.0)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Utawarerumono English v1.1 (x32)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VIA Plattform-Geräte-Manager (x32 Version: 1.34)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
VLC media player 2.1.0-git-20120212-0402 (Version: 2.1.0-git-20120212-0402)
Web Deployment Tool (Version: 1.1.0618)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
WinRAR 4.10 (32-Bit) (x32 Version: 4.10.0)
XMedia Recode version 3.1.3.8 (x32 Version: 3.1.3.8)
Yahoo! Detect (x32)
真剣で私に恋しなさい! (HKCU)

==================== Restore Points =========================

26-12-2013 00:44:59 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04E0024F-9683-4EF3-8FF6-F7990D4CA363} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {2B649573-73CF-4F3A-8CD4-D5B5913E42F1} - System32\Tasks\update-S-1-5-21-794549961-1181347935-302815916-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {9BED2337-B65A-4B9D-AFC9-8BF6BFE58633} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)
Task: {9FF8BEDC-149A-46CD-B09F-5DBC533F8779} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {CEB05CFB-1AD6-4125-A3A8-6F9453366A13} - System32\Tasks\{CC308113-4674-485C-89D8-9547EF30BCBE} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.179.259&amp;LastError=404
Task: {E6663532-279F-48C7-800C-6353168223C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-19] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core.job => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA.job => C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-794549961-1181347935-302815916-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-10-27 17:14 - 2012-06-08 14:15 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-10-27 17:14 - 2012-06-08 14:15 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-07-04 01:36 - 2012-07-04 01:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-10-27 09:08 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-01-04 17:00 - 2012-12-25 09:51 - 02202728 _____ () C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
2012-02-12 15:59 - 2012-03-14 03:20 - 01274880 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2012-02-12 15:59 - 2012-02-12 15:59 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2012-02-12 15:59 - 2012-02-12 15:59 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2012-03-14 03:19 - 2012-03-23 03:04 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
2012-03-31 09:58 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00427008 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00264192 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 02415104 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 09515520 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00382464 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2013-08-28 17:26 - 2013-08-28 17:26 - 00218112 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00135168 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00545280 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00238080 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00301056 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00237568 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00133120 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00159744 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00176128 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00264704 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00217600 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00156672 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00338432 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00114688 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 01078272 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00670720 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00550400 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00547840 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00211968 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00101376 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00180224 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00131072 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 01101824 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00278528 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00538624 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00398336 _____ () C:\Program Files (x86)\Mobile Partner\QtXml4.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00184832 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00123392 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00307200 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00117760 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00441856 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00093184 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00333824 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00295424 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00484352 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2013-08-28 17:26 - 2013-08-28 17:26 - 00209408 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2012-12-07 18:10 - 2013-12-23 09:40 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00047616 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2013-12-27 10:23 - 2013-12-27 10:23 - 00010752 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\auth.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00069120 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\burnlib.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00013824 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\dsp_sps.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006656 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\enc_fhgaac.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\enc_flac.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005632 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\enc_lame.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\enc_vorbis.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\enc_wav.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006144 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\enc_wma.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00023552 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_classicart.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00007168 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_crasher.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00023040 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_ff.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_find_on_disk.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00011264 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_hotkeys.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00041984 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_jumpex.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00021504 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_ml.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00009216 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_nopro.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00007168 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_orgler.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00011776 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_skinmanager.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00010240 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_timerestore.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00008192 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_tray.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00010752 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\gen_undo.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005120 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_avi.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00014336 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_cdda.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006656 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_dshow.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005632 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_flac.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003584 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_flv.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003584 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_linein.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00020480 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_midi.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004608 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_mkv.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00018944 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_mod.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00023040 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_mp3.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005120 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_mp4.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00011776 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_nsv.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003584 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_swf.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00011264 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_vorbis.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006656 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_wav.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005632 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_wave.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00015360 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_wm.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004608 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\in_wv.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003584 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_addons.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006656 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_autotag.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005120 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_bookmarks.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00008704 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_devices.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00047616 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_disc.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00009728 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_downloads.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004608 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_enqplay.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00008704 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_history.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005120 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_impex.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00056320 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_local.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003584 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_nowplaying.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00014336 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_online.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_orb.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00012800 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_playlists.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00034816 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_plg.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00047104 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_pmp.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00005120 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_rg.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00008192 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_transcode.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00014848 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ml_wire.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00036352 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\ombrowser.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006144 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\out_disk.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00016384 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\out_ds.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00007680 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\out_wave.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003072 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\playlist.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004608 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_activesync.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00020480 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_android.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00036864 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_ipod.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00003584 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_njb.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_p4s.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00011776 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_usb.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00039424 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\pmp_wifi.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00006144 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\tagz.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00088064 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\vis_avs.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00155648 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\vis_milk2.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00007680 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\vis_nsfs.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00204800 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\winamp.lng
2013-12-27 10:23 - 2013-12-27 10:23 - 00004096 _____ () C:\Users\Christian\AppData\Local\Temp\WLZ257A.tmp\winampa.lng
2011-12-09 18:23 - 2012-02-17 16:18 - 00023040 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00103936 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00090112 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2011-12-09 18:23 - 2012-02-17 16:18 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00165376 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00290304 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00027648 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2011-11-10 23:10 - 2012-02-17 16:18 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00318464 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00294400 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00082944 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00200192 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00241152 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2011-12-09 18:23 - 2012-02-17 16:18 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:A8AF8B49

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2013 10:21:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/27/2013 10:21:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/27/2013 10:21:01 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/27/2013 10:15:27 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: kdbsync.exe, Version: 0.0.0.0, Zeitstempel: 0x4f67a718
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0xeb4
Startzeit der fehlerhaften Anwendung: 0xkdbsync.exe0
Pfad der fehlerhaften Anwendung: kdbsync.exe1
Pfad des fehlerhaften Moduls: kdbsync.exe2
Berichtskennung: kdbsync.exe3

Error: (12/27/2013 10:06:15 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/27/2013 10:06:15 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/27/2013 10:06:15 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/27/2013 04:14:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (12/27/2013 04:14:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (12/27/2013 04:14:44 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (12/27/2013 10:15:48 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "" den Befehl "chkdsk" aus.

Error: (12/27/2013 10:15:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/27/2013 10:15:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/27/2013 10:01:03 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "" den Befehl "chkdsk" aus.

Error: (12/27/2013 10:00:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/27/2013 10:00:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/27/2013 04:09:30 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "" den Befehl "chkdsk" aus.

Error: (12/27/2013 04:09:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (12/27/2013 04:08:49 AM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT-AUTORITÄT)
Description: Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "I:" können nicht gelesen werden.

Error: (12/27/2013 04:08:48 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (12/27/2013 10:21:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/27/2013 10:21:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (12/27/2013 10:21:01 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (12/27/2013 10:15:27 AM) (Source: Application Error)(User: )
Description: kdbsync.exe0.0.0.04f67a718unknown0.0.0.000000000c000000500000000eb401cf02e4258b1930C:\Program Files (x86)\AMD AVT\bin\kdbsync.exeunknown6c935d4a-6ed7-11e3-99bc-0026189bbce8

Error: (12/27/2013 10:06:15 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/27/2013 10:06:15 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (12/27/2013 10:06:15 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (12/27/2013 04:14:44 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (12/27/2013 04:14:44 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (12/27/2013 04:14:44 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
Date: 2012-02-17 09:17:24.970
Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files (x86)\TGTSoft\StyleXP\StyleXPHelper.exe" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-02-17 09:17:24.939
Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files (x86)\TGTSoft\StyleXP\StyleXPHelper.exe" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-02-16 17:03:53.868
Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files (x86)\TGTSoft\StyleXP\StyleXPHelper.exe" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-02-16 17:03:53.822
Description: Windows konnte die Abbildintegritat der Datei "\Device\HarddiskVolume2\Program Files (x86)\TGTSoft\StyleXP\StyleXPHelper.exe" nicht uberprufen, weil der Dateihash nicht im System gefunden wurde. Moglicherweise wurde durch eine kurzlich durchgefuhrte Hardware- oder Softwareanderung eine falsch signierte oder beschadigte Datei oder eine Datei, bei der es sich um schadliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 4095.11 MB
Available physical RAM: 2304.98 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 5817.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:9.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:368.1 GB) (Free:72.44 GB) NTFS
Drive p: (Surfstick) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: DDA7BF73)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1040 KB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 4

==================== End Of Log ============================








As I said, I can't use the editor, hence this huge post. If desired, I can also zip it, though. I would post the Gmer.txt if desired; I'm leaving it out for now, since otherwise it would get too big after all.

Many thanks in advance

Durkadenz.

Alt 27.12.2013, 13:35   #2
sunjojo
/// Malwareteam
 





I am working on your thread and will get back to you as soon as possible with further instructions.

Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience

Alt 28.12.2013, 11:38   #3
sunjojo
/// Malwareteam
 



Hello Durkadenz,

My name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you don't understand something or are unsure, ask and describe the problem as well as you can. Do not act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Cleaning a computer in several forums at the same time is forbidden (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an unambiguous "clean"; until then, please keep working with me.
Notes
  • I can never give you a guarantee that everything has been removed. Formatting the hard disk and reinstalling your operating system is always safer and usually faster.
  • The programs we use usually create a results report (called a logfile). Please include all the logfiles I ask for in one step in a single reply/post.
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.

Quote:
I would post the Gmer.txt if desired; I'm leaving it out for now, since otherwise it would get too big after all.
Please post the logfile in your next post (if the post contains too many characters because of the logfiles, split it across several posts).



Step 1
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.



Post the following logfiles in your next reply:
  • TDSSKiller scan

Alt 28.12.2013, 12:41   #4
Durkadenz
 



Hi Jonas,

Many thanks for the help, then. I will stick to the instructions, or so I hope. Should I make mistakes, then of course unintentionally.

So, as requested, here is the GMER log first:


GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-27 10:57:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ100E4 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\axriypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                     fffff800033f1000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574                                                                                                     fffff800033f100e 3 bytes [00, 00, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                  000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1644] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                      000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1792] C:\Windows\syswow64\USER32.dll!DialogBoxParamW               000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077b51465 2 bytes [B5, 77]
.text     C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1844] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                          000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\schtasks.exe[1860] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Windows\SysWOW64\schtasks.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                         0000000077b51465 2 bytes [B5, 77]
.text     C:\Windows\SysWOW64\schtasks.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2100] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                   000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2100] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294  000000006ab321c6 4 bytes [24, D9, B9, 68]
.text     C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2100] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435  000000006ab373d3 4 bytes [74, 4C, 09, 66]
.text     C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe[2100] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70                  000000006ab75366 4 bytes [20, EF, B9, 68]
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2168] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                       000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                  000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                00000000714d1a22 2 bytes [4D, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                00000000714d1ad0 2 bytes [4D, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                00000000714d1b08 2 bytes [4D, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                00000000714d1bba 2 bytes [4D, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                00000000714d1bda 2 bytes [4D, 71]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                         0000000077b51465 2 bytes [B5, 77]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe[2432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                            000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe[2432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Windows\PixArt\Pac207\Monitor.exe[2724] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                              000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Windows\PixArt\Pac207\Monitor.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000077b51465 2 bytes [B5, 77]
.text     C:\Windows\PixArt\Pac207\Monitor.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[2680] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                      000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000077b51465 2 bytes [B5, 77]
.text     C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\ProgramData\DatacardService\DCSHelper.exe[1292] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                      000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\ProgramData\DatacardService\DCSHelper.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000077b51465 2 bytes [B5, 77]
.text     C:\ProgramData\DatacardService\DCSHelper.exe[1292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe[2888] C:\Windows\syswow64\user32.dll!DialogBoxParamW                                                                000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe[2888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3180] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                      000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\PowerISO\PWRISOVM.EXE[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Winamp\winampa.exe[3200] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                         000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Winamp\winampa.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Winamp\winampa.exe[3200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                               0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3288] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                   000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[3388] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                              000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                      000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[3424] C:\Windows\syswow64\USER32.dll!DialogBoxParamW               000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077b51465 2 bytes [B5, 77]
.text     C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3456] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                              000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                              000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                     0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                    0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\FreePDF_XP\fpassist.exe[3756] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                    000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\FreePDF_XP\fpassist.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                           0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\FreePDF_XP\fpassist.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                          0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                  000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3888] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                               000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                           000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5036] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                       000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Browny02\BrYNSvc.exe[5036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Users\Christian\Downloads\gmer_2.1.19163.exe[5292] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                   000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Users\Christian\Downloads\gmer_2.1.19163.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000077b51465 2 bytes [B5, 77]
.text     C:\Users\Christian\Downloads\gmer_2.1.19163.exe[5292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                         0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5488] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                           000000007539cfca 5 bytes JMP 00000001735c4680
.text     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000077b51465 2 bytes [B5, 77]
.text     C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe[5488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 0000000077b514bb 2 bytes [B5, 77]
.text     ...                                                                                                                                                                    * 2

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\@FormKeyword                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\@FormKeyword                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\                                                                                                                     
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\@FormKeyword                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                    1
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                 0xFE 0x7F 0x25 0x22 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                    0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                    0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                 0xB5 0x6B 0xD9 0xF1 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                              
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                        0xAE 0x33 0x76 0x22 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                           0xA0 0x02 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                   0x05 0x2D 0xCD 0x7E ...
Reg       HKLM\SYSTEM\ControlSet002\Control\Print\Forms\ (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\Control\Print\Forms\@FormKeyword                                                                                                             
Reg       HKLM\SYSTEM\ControlSet002\Control\Print\Forms\ (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\Control\Print\Forms\@FormKeyword                                                                                                             
Reg       HKLM\SYSTEM\ControlSet002\Control\Print\Forms\ (not active ControlSet)                                                                                                 
Reg       HKLM\SYSTEM\ControlSet002\Control\Print\Forms\@FormKeyword                                                                                                             
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                        1
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                     0xFE 0x7F 0x25 0x22 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                   
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                        0x00 0x00 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                        0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                     0xB5 0x6B 0xD9 0xF1 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                        C:\Program Files (x86)\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                          
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                            0xAE 0x33 0x76 0x22 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                               0xA0 0x02 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                       0x05 0x2D 0xCD 0x7E ...
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\11_Sonstiges\\x3046\x305f\x308f\x308c\x308b\x3082\x306eDVD       1

---- EOF - GMER 2.1 ----
         
--- --- ---

28.12.2013, 12:42   #5
Durkadenz

After Avira update: Win 7 - BOO/TDss.O was found in the master boot sector

And here is the log from TDSSKiller (a small note on this: I tried several times, but the download from Filepony always gets aborted, so I downloaded the version from Chip):


12:22:59.0566 0x0b54 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
12:23:13.0553 0x0b54 ============================================================
12:23:13.0553 0x0b54 Current date / time: 2013/12/28 12:23:13.0553
12:23:13.0553 0x0b54 SystemInfo:
12:23:13.0554 0x0b54
12:23:13.0554 0x0b54 OS Version: 6.1.7601 ServicePack: 1.0
12:23:13.0554 0x0b54 Product type: Workstation
12:23:13.0554 0x0b54 ComputerName: SERENITY
12:23:13.0554 0x0b54 UserName: Christian
12:23:13.0555 0x0b54 Windows directory: C:\Windows
12:23:13.0555 0x0b54 System windows directory: C:\Windows
12:23:13.0555 0x0b54 Running under WOW64
12:23:13.0555 0x0b54 Processor architecture: Intel x64
12:23:13.0555 0x0b54 Number of processors: 4
12:23:13.0555 0x0b54 Page size: 0x1000
12:23:13.0555 0x0b54 Boot type: Normal boot
12:23:13.0555 0x0b54 ============================================================
12:23:15.0135 0x0b54 KLMD registered as C:\Windows\system32\drivers\23263648.sys
12:23:15.0317 0x0b54 System UUID: {0C8F5D1B-1AD2-9E13-21A9-22D5E4AA1F78}
12:23:15.0999 0x0b54 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:23:16.0008 0x0b54 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:23:22.0949 0x0b54 ============================================================
12:23:22.0949 0x0b54 \Device\Harddisk0\DR0:
12:23:22.0949 0x0b54 MBR partitions:
12:23:22.0949 0x0b54 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:23:22.0949 0x0b54 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
12:23:22.0949 0x0b54 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035800
12:23:22.0949 0x0b54 \Device\Harddisk1\DR1:
12:23:22.0951 0x0b54 MBR partitions:
12:23:22.0951 0x0b54 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
12:23:22.0951 0x0b54 ============================================================
12:23:22.0981 0x0b54 C: <-> \Device\Harddisk0\DR0\Partition2
12:23:23.0019 0x0b54 D: <-> \Device\Harddisk0\DR0\Partition1
12:23:23.0052 0x0b54 E: <-> \Device\Harddisk0\DR0\Partition3
12:23:23.0085 0x0b54 R: <-> \Device\Harddisk1\DR1\Partition1
12:23:23.0087 0x0b54 ============================================================
12:23:23.0087 0x0b54 Initialize success
12:23:23.0087 0x0b54 ============================================================
12:30:40.0697 0x10bc ============================================================
12:30:40.0697 0x10bc Scan started
12:30:40.0697 0x10bc Mode: Manual; SigCheck; TDLFS;
12:30:40.0697 0x10bc ============================================================
12:30:40.0697 0x10bc KSN ping started
12:30:44.0631 0x10bc KSN ping finished: true
12:30:47.0359 0x10bc ================ Scan system memory ========================
12:30:47.0359 0x10bc System memory - ok
12:30:47.0360 0x10bc ================ Scan services =============================
12:30:47.0677 0x10bc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:30:47.0881 0x10bc 1394ohci - ok
12:30:47.0986 0x10bc [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:30:48.0037 0x10bc ACDaemon - ok
12:30:48.0084 0x10bc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:30:48.0110 0x10bc ACPI - ok
12:30:48.0131 0x10bc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:30:48.0210 0x10bc AcpiPmi - ok
12:30:48.0304 0x10bc [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:30:48.0333 0x10bc AdobeARMservice - ok
12:30:48.0465 0x10bc [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:30:48.0498 0x10bc AdobeFlashPlayerUpdateSvc - ok
12:30:48.0542 0x10bc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:30:48.0576 0x10bc adp94xx - ok
12:30:48.0604 0x10bc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:30:48.0631 0x10bc adpahci - ok
12:30:48.0642 0x10bc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:30:48.0665 0x10bc adpu320 - ok
12:30:48.0688 0x10bc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:30:48.0780 0x10bc AeLookupSvc - ok
12:30:48.0830 0x10bc [ 6CCD1135320109D6B219F1A6E04AD9F6, B97D4DF46DF0EFC106BD3E248C70809F3F47DF3FD1CA039A0A3923E1FA05A969 ] Afc C:\Windows\syswow64\drivers\Afc.sys
12:30:48.0862 0x10bc Afc - ok
12:30:48.0984 0x10bc [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD C:\Windows\system32\drivers\afd.sys
12:30:49.0057 0x10bc AFD - ok
12:30:49.0100 0x10bc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
12:30:49.0133 0x10bc agp440 - ok
12:30:49.0143 0x10bc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
12:30:49.0190 0x10bc ALG - ok
12:30:49.0202 0x10bc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
12:30:49.0218 0x10bc aliide - ok
12:30:49.0272 0x10bc [ E20DDDFBD0DBE7D8EAD4D7A51D654367, 62164C58655318E7453C6136BE845091D6244A69BD762F1D588605670BA66B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:30:49.0401 0x10bc AMD External Events Utility - ok
12:30:49.0557 0x10bc AMD FUEL Service - ok
12:30:49.0576 0x10bc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
12:30:49.0617 0x10bc amdide - ok
12:30:49.0654 0x10bc [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
12:30:49.0678 0x10bc amdiox64 - ok
12:30:49.0701 0x10bc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:30:49.0757 0x10bc AmdK8 - ok
12:30:50.0187 0x10bc [ 4284FB1240537A33E6EC417EFD87D40F, DAD37EBDCD57C8559FD9395AED7FA85BCA1EDB0337CD2A4F7613E869D859B3F2 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:30:50.0791 0x10bc amdkmdag - ok
12:30:50.0872 0x10bc [ 6C25C497E05EFD0CB6033A0444FC9B51, 318318F06545869D5E17C6CC9E48109790C2F3A5E65779CB1569A10610136B34 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:30:50.0919 0x10bc amdkmdap - ok
12:30:50.0944 0x10bc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:30:50.0971 0x10bc AmdPPM - ok
12:30:51.0038 0x10bc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:30:51.0088 0x10bc amdsata - ok
12:30:51.0106 0x10bc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:30:51.0129 0x10bc amdsbs - ok
12:30:51.0140 0x10bc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:30:51.0157 0x10bc amdxata - ok
12:30:51.0260 0x10bc [ FE79366FECD444A16CCA9979134DBEA8, 91D2301E35C89B9FAD5680124EA51DC346159DC78556ACCD935F9B236B9FDCBC ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:30:51.0302 0x10bc AntiVirSchedulerService - ok
12:30:51.0354 0x10bc [ FDE9C7030FB1E9E2715E113EE6A10F90, 541F278D743C34C6D9940FC1250B90674EB88EC429D481012F27817DAB1B557A ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:30:51.0381 0x10bc AntiVirService - ok
12:30:51.0426 0x10bc [ 5B25D1A753CC3A3EDB909BB759AC1098, 1B931342D8D36C8D177D6D9BFFFD8CDC0C6E6F82BA552DC8E5CDC1CAF528D0B0 ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:30:51.0462 0x10bc AODDriver4.01 - ok
12:30:51.0484 0x10bc [ 5B25D1A753CC3A3EDB909BB759AC1098, 1B931342D8D36C8D177D6D9BFFFD8CDC0C6E6F82BA552DC8E5CDC1CAF528D0B0 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
12:30:51.0510 0x10bc AODDriver4.1 - ok
12:30:51.0543 0x10bc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
12:30:51.0665 0x10bc AppID - ok
12:30:51.0687 0x10bc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:30:51.0739 0x10bc AppIDSvc - ok
12:30:51.0763 0x10bc [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo C:\Windows\System32\appinfo.dll
12:30:51.0858 0x10bc Appinfo - ok
12:30:51.0884 0x10bc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:30:51.0904 0x10bc arc - ok
12:30:51.0916 0x10bc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:30:51.0936 0x10bc arcsas - ok
12:30:51.0976 0x10bc [ 1CE3822B05A5E229286A15EA39369870, B5825DA3AB2F312A57E4E2632EA7BC373497DE5BAC1F605EA2C9B5175FBF7B8F ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:30:51.0990 0x10bc ArcSoftKsUFilter - ok
12:30:52.0117 0x10bc [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:30:52.0158 0x10bc aspnet_state - ok
12:30:52.0176 0x10bc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:30:52.0228 0x10bc AsyncMac - ok
12:30:52.0257 0x10bc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
12:30:52.0269 0x10bc atapi - ok
12:30:52.0322 0x10bc [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:30:52.0340 0x10bc AtiHDAudioService - ok
12:30:52.0702 0x10bc [ 4284FB1240537A33E6EC417EFD87D40F, DAD37EBDCD57C8559FD9395AED7FA85BCA1EDB0337CD2A4F7613E869D859B3F2 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:30:53.0041 0x10bc atikmdag - ok
12:30:53.0099 0x10bc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:30:53.0165 0x10bc AudioEndpointBuilder - ok
12:30:53.0185 0x10bc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:30:53.0234 0x10bc AudioSrv - ok
12:30:53.0284 0x10bc [ 7806BFCD1D7FA5EC23F7324D4EAFD25B, 4EDFD9DE520728AF6578BED0054ED6A4976A7F020F3329EA6681D6E361D9DB2D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:30:53.0314 0x10bc avgntflt - ok
12:30:53.0357 0x10bc [ C3A58DBD18786C338126D30BF8C33D72, 4DF4D37AB5139548C2DA4B4C8D6B933A7F4ED001BCA089EFBC8C57EEDE8785A6 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:30:53.0377 0x10bc avipbb - ok
12:30:53.0427 0x10bc [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:30:53.0450 0x10bc avkmgr - ok
12:30:53.0491 0x10bc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:30:53.0637 0x10bc AxInstSV - ok
12:30:53.0691 0x10bc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:30:53.0785 0x10bc b06bdrv - ok
12:30:53.0812 0x10bc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:30:53.0862 0x10bc b57nd60a - ok
12:30:53.0896 0x10bc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
12:30:53.0937 0x10bc BDESVC - ok
12:30:53.0950 0x10bc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
12:30:54.0050 0x10bc Beep - ok
12:30:54.0198 0x10bc [ B62ABDC39B36184B6B8B9E71A8685F52, 2B9FD036B110CBA232219F592E6B4C8A2E9F47CC86605B3682B1FD4F34BE6E94 ] BEHRINGER_2902 C:\Windows\system32\Drivers\BUSB2902.sys
12:30:54.0237 0x10bc BEHRINGER_2902 - ok
12:30:54.0323 0x10bc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
12:30:54.0377 0x10bc BFE - ok
12:30:54.0422 0x10bc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
12:30:54.0544 0x10bc BITS - ok
12:30:54.0560 0x10bc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:30:54.0586 0x10bc blbdrive - ok
12:30:54.0665 0x10bc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:30:54.0705 0x10bc Bonjour Service - ok
12:30:54.0745 0x10bc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:30:54.0800 0x10bc bowser - ok
12:30:54.0825 0x10bc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:30:54.0906 0x10bc BrFiltLo - ok
12:30:54.0927 0x10bc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:30:54.0955 0x10bc BrFiltUp - ok
12:30:54.0990 0x10bc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
12:30:55.0013 0x10bc Browser - ok
12:30:55.0200 0x10bc [ 18994CC7A0664F9C8E495F09C38E2FCD, 176CE414757F5C789C51FF7C7620BED77C69B7A10490304F8001FAF5D94A59A1 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
12:30:55.0283 0x10bc BrowserProtect - ok
12:30:55.0305 0x10bc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:30:55.0361 0x10bc Brserid - ok
12:30:55.0378 0x10bc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:30:55.0404 0x10bc BrSerWdm - ok
12:30:55.0419 0x10bc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:30:55.0462 0x10bc BrUsbMdm - ok
12:30:55.0472 0x10bc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:30:55.0499 0x10bc BrUsbSer - ok
12:30:55.0545 0x10bc [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
12:30:55.0556 0x10bc BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
12:30:55.0648 0x10bc BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
12:30:58.0988 0x10bc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:30:59.0062 0x10bc BTHMODEM - ok
12:30:59.0088 0x10bc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
12:30:59.0156 0x10bc bthserv - ok
12:30:59.0229 0x10bc [ AEC85FF9A00DD9EE7605AFC66949F228, BD6EDF76A11276E46E776AA183D4BE627F8A9E065AE07B8B54FFDBBC231D104F ] BUSB_AUDIO_WDM C:\Windows\system32\drivers\busbwdm.sys
12:30:59.0265 0x10bc BUSB_AUDIO_WDM - ok
12:30:59.0284 0x10bc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:30:59.0327 0x10bc cdfs - ok
12:30:59.0382 0x10bc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:30:59.0440 0x10bc cdrom - ok
12:30:59.0487 0x10bc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
12:30:59.0535 0x10bc CertPropSvc - ok
12:30:59.0547 0x10bc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:30:59.0574 0x10bc circlass - ok
12:30:59.0600 0x10bc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
12:30:59.0622 0x10bc CLFS - ok
12:30:59.0669 0x10bc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:30:59.0682 0x10bc clr_optimization_v2.0.50727_32 - ok
12:30:59.0709 0x10bc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:30:59.0723 0x10bc clr_optimization_v2.0.50727_64 - ok
12:30:59.0783 0x10bc [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:30:59.0817 0x10bc clr_optimization_v4.0.30319_32 - ok
12:30:59.0829 0x10bc [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:30:59.0858 0x10bc clr_optimization_v4.0.30319_64 - ok
12:30:59.0882 0x10bc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:30:59.0907 0x10bc CmBatt - ok
12:30:59.0918 0x10bc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:30:59.0934 0x10bc cmdide - ok
12:30:59.0980 0x10bc [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG C:\Windows\system32\Drivers\cng.sys
12:31:00.0034 0x10bc CNG - ok
12:31:00.0044 0x10bc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:31:00.0061 0x10bc Compbatt - ok
12:31:00.0100 0x10bc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:31:00.0129 0x10bc CompositeBus - ok
12:31:00.0138 0x10bc COMSysApp - ok
12:31:00.0153 0x10bc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:31:00.0170 0x10bc crcdisk - ok
12:31:00.0205 0x10bc [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:31:00.0267 0x10bc CryptSvc - ok
12:31:00.0311 0x10bc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:31:00.0368 0x10bc DcomLaunch - ok
12:31:00.0398 0x10bc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
12:31:00.0452 0x10bc defragsvc - ok
12:31:00.0493 0x10bc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:31:00.0539 0x10bc DfsC - ok
12:31:00.0569 0x10bc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:31:00.0611 0x10bc Dhcp - ok
12:31:00.0628 0x10bc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
12:31:00.0685 0x10bc discache - ok
12:31:00.0716 0x10bc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:31:00.0735 0x10bc Disk - ok
12:31:00.0773 0x10bc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:31:00.0818 0x10bc Dnscache - ok
12:31:00.0851 0x10bc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
12:31:00.0914 0x10bc dot3svc - ok
12:31:00.0948 0x10bc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
12:31:00.0993 0x10bc DPS - ok
12:31:01.0021 0x10bc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:31:01.0048 0x10bc drmkaud - ok
12:31:01.0091 0x10bc [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:31:01.0109 0x10bc dtsoftbus01 - ok
12:31:01.0165 0x10bc [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:31:01.0211 0x10bc DXGKrnl - ok
12:31:01.0231 0x10bc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
12:31:01.0274 0x10bc EapHost - ok
12:31:01.0406 0x10bc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:31:01.0545 0x10bc ebdrv - ok
12:31:01.0579 0x10bc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS C:\Windows\System32\lsass.exe
12:31:01.0639 0x10bc EFS - ok
12:31:01.0698 0x10bc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:31:01.0761 0x10bc ehRecvr - ok
12:31:01.0783 0x10bc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
12:31:01.0805 0x10bc ehSched - ok
12:31:01.0845 0x10bc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:31:01.0878 0x10bc elxstor - ok
12:31:01.0901 0x10bc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:31:01.0923 0x10bc ErrDev - ok
12:31:01.0960 0x10bc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:31:02.0019 0x10bc EventSystem - ok
12:31:02.0083 0x10bc [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:31:02.0158 0x10bc ew_hwusbdev - ok
12:31:02.0184 0x10bc [ 55E0EDA185869F7EA67EA97FD0655B39, D4A51E383102AA48F022EFCA08FAC389336A22C1DF60E17815117EFA60716964 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
12:31:02.0226 0x10bc ew_usbenumfilter - ok
12:31:02.0256 0x10bc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:31:02.0303 0x10bc exfat - ok
12:31:02.0347 0x10bc Fabs - ok
12:31:02.0376 0x10bc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:31:02.0457 0x10bc fastfat - ok
12:31:02.0509 0x10bc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
12:31:02.0564 0x10bc Fax - ok
12:31:02.0576 0x10bc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:31:02.0602 0x10bc fdc - ok
12:31:02.0615 0x10bc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
12:31:02.0660 0x10bc fdPHost - ok
12:31:02.0670 0x10bc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
12:31:02.0723 0x10bc FDResPub - ok
12:31:02.0741 0x10bc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:31:02.0760 0x10bc FileInfo - ok
12:31:02.0776 0x10bc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:31:02.0828 0x10bc Filetrace - ok
12:31:02.0924 0x10bc [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:31:03.0048 0x10bc FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
12:31:03.0048 0x10bc FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:31:06.0432 0x10bc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:31:06.0465 0x10bc flpydisk - ok
12:31:06.0499 0x10bc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:31:06.0526 0x10bc FltMgr - ok
12:31:06.0612 0x10bc [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache C:\Windows\system32\FntCache.dll
12:31:06.0678 0x10bc FontCache - ok
12:31:06.0720 0x10bc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:31:06.0748 0x10bc FontCache3.0.0.0 - ok
12:31:06.0763 0x10bc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:31:06.0788 0x10bc FsDepends - ok
12:31:06.0814 0x10bc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:31:06.0831 0x10bc Fs_Rec - ok
12:31:06.0881 0x10bc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:31:06.0926 0x10bc fvevol - ok
12:31:06.0941 0x10bc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:31:06.0959 0x10bc gagp30kx - ok
12:31:07.0012 0x10bc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
12:31:07.0083 0x10bc gpsvc - ok
12:31:07.0094 0x10bc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:31:07.0157 0x10bc hcw85cir - ok
12:31:07.0223 0x10bc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:31:07.0276 0x10bc HdAudAddService - ok
12:31:07.0299 0x10bc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:31:07.0327 0x10bc HDAudBus - ok
12:31:07.0347 0x10bc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:31:07.0378 0x10bc HidBatt - ok
12:31:07.0389 0x10bc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:31:07.0411 0x10bc HidBth - ok
12:31:07.0426 0x10bc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:31:07.0463 0x10bc HidIr - ok
12:31:07.0491 0x10bc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
12:31:07.0544 0x10bc hidserv - ok
12:31:07.0574 0x10bc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:31:07.0591 0x10bc HidUsb - ok
12:31:07.0621 0x10bc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:31:07.0659 0x10bc hkmsvc - ok
12:31:07.0686 0x10bc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:31:07.0737 0x10bc HomeGroupListener - ok
12:31:07.0768 0x10bc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:31:07.0793 0x10bc HomeGroupProvider - ok
12:31:07.0813 0x10bc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:31:07.0833 0x10bc HpSAMD - ok
12:31:07.0912 0x10bc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:31:07.0996 0x10bc HTTP - ok
12:31:08.0034 0x10bc [ 4DBBFCE863FE1B64C770EB53A3BA5860, DA77FB5D865779834CDCEE74200B9346FA3A4D0465F7A49C877ED6F786232CEF ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
12:31:08.0119 0x10bc huawei_cdcacm - ok
12:31:08.0142 0x10bc [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:31:08.0180 0x10bc huawei_enumerator - ok
12:31:08.0202 0x10bc [ DF65F49F3A108AB509D675312FC896B8, E88F15DED4346E127F182B3D1DA2D1506998844212940281355C8ED96776141C ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
12:31:08.0248 0x10bc huawei_ext_ctrl - ok
12:31:08.0277 0x10bc [ 962032D69A8CA503F030F311CF4487B7, 1E4009A0CA6F73D02171D14FDCC875E5AD36C6CE50F1F1B1642741A0914703EB ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
12:31:08.0329 0x10bc huawei_wwanecm - ok
12:31:08.0406 0x10bc [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
12:31:08.0444 0x10bc HWDeviceService64.exe - ok
12:31:08.0472 0x10bc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:31:08.0488 0x10bc hwpolicy - ok
12:31:08.0527 0x10bc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:31:08.0549 0x10bc i8042prt - ok
12:31:08.0599 0x10bc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:31:08.0629 0x10bc iaStorV - ok
12:31:08.0724 0x10bc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:31:08.0759 0x10bc idsvc - ok
12:31:08.0786 0x10bc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:31:08.0804 0x10bc iirsp - ok
12:31:08.0846 0x10bc [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
12:31:08.0913 0x10bc IKEEXT - ok
12:31:08.0925 0x10bc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
12:31:08.0941 0x10bc intelide - ok
12:31:08.0960 0x10bc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:31:08.0992 0x10bc intelppm - ok
12:31:09.0028 0x10bc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:31:09.0086 0x10bc IPBusEnum - ok
12:31:09.0118 0x10bc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:31:09.0156 0x10bc IpFilterDriver - ok
12:31:09.0202 0x10bc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:31:09.0262 0x10bc iphlpsvc - ok
12:31:09.0294 0x10bc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:31:09.0316 0x10bc IPMIDRV - ok
12:31:09.0336 0x10bc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:31:09.0387 0x10bc IPNAT - ok
12:31:09.0410 0x10bc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:31:09.0461 0x10bc IRENUM - ok
12:31:09.0494 0x10bc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:31:09.0528 0x10bc isapnp - ok
12:31:09.0556 0x10bc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:31:09.0592 0x10bc iScsiPrt - ok
12:31:09.0616 0x10bc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:31:09.0634 0x10bc kbdclass - ok
12:31:09.0647 0x10bc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:31:09.0671 0x10bc kbdhid - ok
12:31:09.0685 0x10bc [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso C:\Windows\system32\lsass.exe
12:31:09.0698 0x10bc KeyIso - ok
12:31:09.0728 0x10bc [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:31:09.0748 0x10bc KSecDD - ok
12:31:09.0782 0x10bc [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:31:09.0805 0x10bc KSecPkg - ok
12:31:09.0815 0x10bc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:31:09.0863 0x10bc ksthunk - ok
12:31:09.0896 0x10bc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
12:31:09.0958 0x10bc KtmRm - ok
12:31:09.0998 0x10bc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:31:10.0044 0x10bc LanmanServer - ok
12:31:10.0076 0x10bc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:31:10.0119 0x10bc LanmanWorkstation - ok
12:31:10.0149 0x10bc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:31:10.0187 0x10bc lltdio - ok
12:31:10.0215 0x10bc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:31:10.0278 0x10bc lltdsvc - ok
12:31:10.0284 0x10bc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:31:10.0321 0x10bc lmhosts - ok
12:31:10.0347 0x10bc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:31:10.0367 0x10bc LSI_FC - ok
12:31:10.0377 0x10bc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:31:10.0398 0x10bc LSI_SAS - ok
12:31:10.0411 0x10bc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:31:10.0431 0x10bc LSI_SAS2 - ok
12:31:10.0450 0x10bc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:31:10.0470 0x10bc LSI_SCSI - ok
12:31:10.0492 0x10bc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
12:31:10.0542 0x10bc luafv - ok
12:31:10.0581 0x10bc [ 79D51E7F5926E8CE1B3EBECEBAE28CFF, 2722E217AF11F928E58F694E5C1CC5776283A56C54E7F84401FECFBD73E91EBA ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
12:31:10.0607 0x10bc mcdbus - ok
12:31:10.0635 0x10bc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:31:10.0674 0x10bc Mcx2Svc - ok
12:31:10.0691 0x10bc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:31:10.0708 0x10bc megasas - ok
12:31:10.0731 0x10bc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:31:10.0757 0x10bc MegaSR - ok
12:31:10.0780 0x10bc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
12:31:10.0825 0x10bc MMCSS - ok
12:31:10.0841 0x10bc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
12:31:10.0886 0x10bc Modem - ok
12:31:14.0721 0x10bc [ 0BCB418C2906852C6F9347A258FD5711, 14AB1F890A6C8679B94601924C95756EC5FF3973684CD19079B5DAFF028FE7B4 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
12:31:14.0904 0x10bc NIHardwareService - detected UnsignedFile.Multi.Generic ( 1 )
12:31:14.0904 0x10bc NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
12:31:27.0957 0x10bc [ 9201BE2BAB8A9FF8E20D8439AE3BB04D, D973C4FE5B8D02B15476D72B49105840A04DBFF8BCB77117C0354D046E6C02FB ] Themes C:\Windows\system32\themeservice.dll
12:31:27.0974 0x10bc Themes - detected UnsignedFile.Multi.Generic ( 1 )
12:31:27.0974 0x10bc Themes ( UnsignedFile.Multi.Generic ) - warning
12:31:27.0974 0x10bc Force sending object to P2P due to detect: C:\Windows\system32\themeservice.dll
12:31:31.0980 0x10bc Object send P2P result: true
12:31:36.0971 0x10bc [ AA33FC47ED58C34E6E9261E4F850B7EB, C6388127CAA695434ABFB6C59A53C8544E67E414012DE5F21B36D035BB1BACC8 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:31:36.0993 0x10bc USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:31:36.0993 0x10bc USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:31:44.0952 0x10bc ================ Scan global ===============================
12:31:44.0964 0x10bc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:31:45.0004 0x10bc [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
12:31:45.0017 0x10bc [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
12:31:45.0034 0x10bc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:31:45.0058 0x10bc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:31:45.0067 0x10bc [ Global ] - ok
12:31:45.0068 0x10bc ================ Scan MBR ==================================
12:31:45.0074 0x10bc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:31:45.0281 0x10bc \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
12:31:45.0281 0x10bc \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:31:48.0933 0x10bc [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:31:49.0517 0x10bc \Device\Harddisk1\DR1 - ok
12:31:49.0517 0x10bc ================ Scan VBR ==================================
12:31:49.0526 0x10bc [ 3BC10CC88F8FF85B03E89CD213821088 ] \Device\Harddisk0\DR0\Partition1
12:31:49.0528 0x10bc \Device\Harddisk0\DR0\Partition1 - ok
12:31:49.0532 0x10bc [ A111A0C79CA26FDF4F2C70BAA0C74470 ] \Device\Harddisk0\DR0\Partition2
12:31:49.0533 0x10bc \Device\Harddisk0\DR0\Partition2 - ok
12:31:49.0547 0x10bc [ A4F77465873C192D70DF959EED11E027 ] \Device\Harddisk0\DR0\Partition3
12:31:49.0549 0x10bc \Device\Harddisk0\DR0\Partition3 - ok
12:31:49.0555 0x10bc [ E2794B1FBCB7F4AF57EF3A5AD04BB417 ] \Device\Harddisk1\DR1\Partition1
12:31:49.0558 0x10bc \Device\Harddisk1\DR1\Partition1 - ok
12:31:49.0697 0x10bc AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.2.234 ), 0x41000 ( enabled : updated )
12:31:49.0739 0x10bc Win FW state via NFP2: enabled
12:31:53.0202 0x10bc ============================================================
12:31:53.0202 0x10bc Scan finished
12:31:53.0202 0x10bc ============================================================
12:31:53.0228 0x122c Detected object count: 6
12:31:53.0228 0x122c Actual detected object count: 6
12:32:28.0443 0x122c BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:28.0444 0x122c BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0446 0x122c FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:28.0446 0x122c FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0449 0x122c NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:28.0449 0x122c NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0451 0x122c Themes ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:28.0451 0x122c Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0454 0x122c USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:28.0454 0x122c USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0456 0x122c \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:32:28.0457 0x122c \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:33:07.0069 0x0504 Deinitialize success


29.12.2013, 11:44   #6
sunjojo
/// Malwareteam
 
Step 1
Start TDSSkiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • After the scan, select Cure for the following entry (otherwise Skip):
    Code:
    \Device\Harddisk0\DR0 ( TDSS File System )

  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post the contents here in your thread.

Step 2
Run FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

After the first step, does Avira still show the message that "BOO/TDss.O in the boot sector" was found?

Post the following log files in your next reply:
  • TDSSKiller fix
  • FRST scan

29.12.2013, 12:11   #7
Durkadenz
 
Hi Jonas,

one question up front: when I run the scan with TDSS Killer (with the same configuration as before?), I cannot select "Cure" afterwards, only Skip, Quarantine or "Delete". Would that be the equivalent of Cure?

29.12.2013, 12:34   #8
sunjojo
/// Malwareteam
 
Quote:
one question up front: when I run the scan with TDSS Killer (with the same configuration as before?), I cannot select "Cure" afterwards, only Skip, Quarantine or "Delete". Would that be the equivalent of Cure?
Yep, with the same configuration as before, and then select "Delete".
__________________
Regards,

Jonas
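The rule given in posts #6 and #8 (Cure or Delete for the TDSS File System entry, Skip for everything else) can be checked against a TDSSKiller log mechanically. The following is an added example, not part of the original thread: the sample lines are constructed in the log layout quoted above, and the action names "Cure" and "Delete" after "User select action:" are assumptions, since only "Skip" appears in the posted log.

```python
import re

# Constructed sample in the TDSSKiller log layout quoted in this thread
# (timestamp, thread id, then object name and verdict).
SAMPLE_LOG = r"""
12:31:27.0974 0x10bc Themes - detected UnsignedFile.Multi.Generic ( 1 )
12:31:27.0974 0x10bc Themes ( UnsignedFile.Multi.Generic ) - warning
12:31:36.0993 0x10bc USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:31:36.0993 0x10bc USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:31:45.0281 0x10bc \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
12:31:45.0281 0x10bc \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:31:49.0517 0x10bc \Device\Harddisk1\DR1 - ok
12:31:53.0228 0x122c Detected object count: 3
12:31:53.0228 0x122c Actual detected object count: 3
12:32:28.0451 0x122c Themes ( UnsignedFile.Multi.Generic ) - skipped by user
12:32:28.0451 0x122c Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0454 0x122c USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:32:28.0457 0x122c \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9a-fA-F]+\s+"
DETECTED = re.compile(
    PREFIX + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \( \d+ \)\s*$")
ACTION = re.compile(
    PREFIX + r"(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)\s*$")
COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)\s*$")

# Assumption: these are the strings logged when Cure or Delete is chosen.
REMOVAL_ACTIONS = {"Cure", "Delete"}


def parse_log(text):
    """Return ({(object, verdict): action or None}, reported detection count)."""
    findings = {}
    reported = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTED.match(line)
        if m:
            # Detection seen during the scan; no action recorded yet.
            findings.setdefault((m["obj"], m["verdict"]), None)
            continue
        m = ACTION.match(line)
        if m:
            # Action chosen in the result dialog after the scan.
            findings[(m["obj"], m["verdict"])] = m["action"]
            continue
        m = COUNT.match(line)
        if m:
            reported = int(m["n"])
    return findings, reported


def review(findings, reported=None):
    """Compare the logged actions with the rule from the thread."""
    issues = []
    if reported is not None and reported != len(findings):
        issues.append(
            f"log reports {reported} detections, parsed {len(findings)}")
    for (obj, verdict), action in findings.items():
        if verdict == "TDSS File System":
            # Boot-level detection: must be cured or deleted, not skipped.
            if action not in REMOVAL_ACTIONS:
                issues.append(
                    f"{obj}: {verdict} left in place (action={action})")
        elif action not in (None, "Skip"):
            # Every other entry was to be skipped.
            issues.append(
                f"{obj}: unexpected action {action} for {verdict}")
    return issues


if __name__ == "__main__":
    found, count = parse_log(SAMPLE_LOG)
    for (obj, verdict), action in found.items():
        print(f"{obj:28} {verdict:28} {action}")
    for issue in review(found, count):
        print("ISSUE:", issue)
```
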

29.12.2013, 13:18   #9
Durkadenz
 
So, after step 1 Avira still showed me a detection; here is the TDSSKiller log:

12:46:22.0495 0x17a0 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
12:46:27.0858 0x17a0 ============================================================
12:46:27.0858 0x17a0 Current date / time: 2013/12/29 12:46:27.0858
12:46:27.0858 0x17a0 SystemInfo:
12:46:27.0858 0x17a0
12:46:27.0858 0x17a0 OS Version: 6.1.7601 ServicePack: 1.0
12:46:27.0859 0x17a0 Product type: Workstation
12:46:27.0859 0x17a0 ComputerName: SERENITY
12:46:27.0859 0x17a0 UserName: Christian
12:46:27.0859 0x17a0 Windows directory: C:\Windows
12:46:27.0859 0x17a0 System windows directory: C:\Windows
12:46:27.0859 0x17a0 Running under WOW64
12:46:27.0860 0x17a0 Processor architecture: Intel x64
12:46:27.0860 0x17a0 Number of processors: 4
12:46:27.0860 0x17a0 Page size: 0x1000
12:46:27.0860 0x17a0 Boot type: Normal boot
12:46:27.0860 0x17a0 ============================================================
12:46:29.0457 0x17a0 KLMD registered as C:\Windows\system32\drivers\11203108.sys
12:46:29.0584 0x17a0 System UUID: {0C8F5D1B-1AD2-9E13-21A9-22D5E4AA1F78}
12:46:30.0039 0x17a0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:46:30.0045 0x17a0 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:46:36.0945 0x17a0 ============================================================
12:46:36.0945 0x17a0 \Device\Harddisk0\DR0:
12:46:36.0945 0x17a0 MBR partitions:
12:46:36.0945 0x17a0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:46:36.0945 0x17a0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
12:46:36.0945 0x17a0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035800
12:46:36.0945 0x17a0 \Device\Harddisk1\DR1:
12:46:36.0947 0x17a0 MBR partitions:
12:46:36.0947 0x17a0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
12:46:36.0947 0x17a0 ============================================================
12:46:36.0971 0x17a0 C: <-> \Device\Harddisk0\DR0\Partition2
12:46:36.0993 0x17a0 D: <-> \Device\Harddisk0\DR0\Partition1
12:46:37.0025 0x17a0 E: <-> \Device\Harddisk0\DR0\Partition3
12:46:37.0052 0x17a0 R: <-> \Device\Harddisk1\DR1\Partition1
12:46:37.0053 0x17a0 ============================================================
12:46:37.0053 0x17a0 Initialize success
12:46:37.0053 0x17a0 ============================================================
12:47:33.0519 0x1648 ============================================================
12:47:33.0519 0x1648 Scan started
12:47:33.0519 0x1648 Mode: Manual; SigCheck; TDLFS;
12:47:33.0519 0x1648 ============================================================
12:47:33.0519 0x1648 KSN ping started
12:47:36.0833 0x1648 KSN ping finished: true
12:47:37.0596 0x1648 ================ Scan system memory ========================
12:47:37.0597 0x1648 System memory - ok
12:47:37.0598 0x1648 ================ Scan services =============================
12:47:40.0633 0x1648 [ 1CE3822B05A5E229286A15EA39369870, B5825DA3AB2F312A57E4E2632EA7BC373497DE5BAC1F605EA2C9B5175FBF7B8F ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:47:40.0663 0x1648 ArcSoftKsUFilter - ok
12:47:40.0782 0x1648 [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:47:40.0815 0x1648 aspnet_state - ok
12:47:40.0841 0x1648 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:47:40.0881 0x1648 AsyncMac - ok
12:47:40.0913 0x1648 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
12:47:40.0925 0x1648 atapi - ok
12:47:40.0978 0x1648 [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:47:40.0991 0x1648 AtiHDAudioService - ok
12:47:41.0343 0x1648 [ 4284FB1240537A33E6EC417EFD87D40F, DAD37EBDCD57C8559FD9395AED7FA85BCA1EDB0337CD2A4F7613E869D859B3F2 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:47:41.0682 0x1648 atikmdag - ok
12:47:41.0739 0x1648 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:47:41.0788 0x1648 AudioEndpointBuilder - ok
12:47:41.0808 0x1648 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:47:41.0857 0x1648 AudioSrv - ok
12:47:41.0895 0x1648 [ 7806BFCD1D7FA5EC23F7324D4EAFD25B, 4EDFD9DE520728AF6578BED0054ED6A4976A7F020F3329EA6681D6E361D9DB2D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:47:41.0908 0x1648 avgntflt - ok
12:47:41.0946 0x1648 [ C3A58DBD18786C338126D30BF8C33D72, 4DF4D37AB5139548C2DA4B4C8D6B933A7F4ED001BCA089EFBC8C57EEDE8785A6 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:47:41.0960 0x1648 avipbb - ok
12:47:42.0001 0x1648 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:47:42.0012 0x1648 avkmgr - ok
12:47:42.0044 0x1648 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:47:42.0063 0x1648 AxInstSV - ok
12:47:42.0121 0x1648 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:47:42.0154 0x1648 b06bdrv - ok
12:47:42.0185 0x1648 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:47:42.0205 0x1648 b57nd60a - ok
12:47:42.0229 0x1648 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
12:47:42.0245 0x1648 BDESVC - ok
12:47:42.0258 0x1648 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
12:47:42.0290 0x1648 Beep - ok
12:47:42.0347 0x1648 [ B62ABDC39B36184B6B8B9E71A8685F52, 2B9FD036B110CBA232219F592E6B4C8A2E9F47CC86605B3682B1FD4F34BE6E94 ] BEHRINGER_2902 C:\Windows\system32\Drivers\BUSB2902.sys
12:47:42.0368 0x1648 BEHRINGER_2902 - ok
12:47:42.0458 0x1648 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
12:47:42.0511 0x1648 BFE - ok
12:47:42.0557 0x1648 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
12:47:42.0611 0x1648 BITS - ok
12:47:42.0629 0x1648 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:47:42.0642 0x1648 blbdrive - ok
12:47:42.0726 0x1648 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:47:42.0751 0x1648 Bonjour Service - ok
12:47:42.0788 0x1648 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:47:42.0802 0x1648 bowser - ok
12:47:42.0811 0x1648 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:47:42.0826 0x1648 BrFiltLo - ok
12:47:42.0838 0x1648 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:47:42.0853 0x1648 BrFiltUp - ok
12:47:42.0885 0x1648 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
12:47:42.0901 0x1648 Browser - ok
12:47:43.0088 0x1648 [ 18994CC7A0664F9C8E495F09C38E2FCD, 176CE414757F5C789C51FF7C7620BED77C69B7A10490304F8001FAF5D94A59A1 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
12:47:43.0159 0x1648 BrowserProtect - ok
12:47:43.0183 0x1648 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:47:43.0204 0x1648 Brserid - ok
12:47:43.0215 0x1648 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:47:43.0231 0x1648 BrSerWdm - ok
12:47:43.0247 0x1648 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:47:43.0262 0x1648 BrUsbMdm - ok
12:47:43.0276 0x1648 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:47:43.0289 0x1648 BrUsbSer - ok
12:47:43.0332 0x1648 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
12:47:43.0343 0x1648 BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
12:47:43.0435 0x1648 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
12:47:47.0761 0x1648 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:47:47.0795 0x1648 BTHMODEM - ok
12:47:47.0818 0x1648 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
12:47:47.0862 0x1648 bthserv - ok
12:47:47.0910 0x1648 [ AEC85FF9A00DD9EE7605AFC66949F228, BD6EDF76A11276E46E776AA183D4BE627F8A9E065AE07B8B54FFDBBC231D104F ] BUSB_AUDIO_WDM C:\Windows\system32\drivers\busbwdm.sys
12:47:47.0944 0x1648 BUSB_AUDIO_WDM - ok
12:47:47.0965 0x1648 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:47:48.0004 0x1648 cdfs - ok
12:47:48.0055 0x1648 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:47:48.0087 0x1648 cdrom - ok
12:47:48.0126 0x1648 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
12:47:48.0179 0x1648 CertPropSvc - ok
12:47:48.0196 0x1648 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:47:48.0211 0x1648 circlass - ok
12:47:48.0240 0x1648 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
12:47:48.0260 0x1648 CLFS - ok
12:47:48.0309 0x1648 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:47:48.0340 0x1648 clr_optimization_v2.0.50727_32 - ok
12:47:48.0383 0x1648 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:47:48.0400 0x1648 clr_optimization_v2.0.50727_64 - ok
12:47:48.0462 0x1648 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:47:48.0496 0x1648 clr_optimization_v4.0.30319_32 - ok
12:47:48.0511 0x1648 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:47:48.0524 0x1648 clr_optimization_v4.0.30319_64 - ok
12:47:48.0546 0x1648 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:47:48.0559 0x1648 CmBatt - ok
12:47:48.0574 0x1648 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:47:48.0587 0x1648 cmdide - ok
12:47:48.0628 0x1648 [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG C:\Windows\system32\Drivers\cng.sys
12:47:48.0657 0x1648 CNG - ok
12:47:48.0668 0x1648 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:47:48.0680 0x1648 Compbatt - ok
12:47:48.0698 0x1648 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:47:48.0714 0x1648 CompositeBus - ok
12:47:48.0718 0x1648 COMSysApp - ok
12:47:48.0735 0x1648 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:47:48.0747 0x1648 crcdisk - ok
12:47:48.0778 0x1648 [ 9C01375BE382E834CC26D1B7EAF2C4FE, B1D1E36B91A3C3CD09428EE3403896F71390A2798323BB406B484D9DB064A219 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:47:48.0796 0x1648 CryptSvc - ok
12:47:48.0843 0x1648 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:47:48.0889 0x1648 DcomLaunch - ok
12:47:48.0913 0x1648 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
12:47:48.0953 0x1648 defragsvc - ok
12:47:48.0983 0x1648 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:47:49.0017 0x1648 DfsC - ok
12:47:49.0043 0x1648 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:47:49.0066 0x1648 Dhcp - ok
12:47:49.0077 0x1648 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
12:47:49.0110 0x1648 discache - ok
12:47:49.0140 0x1648 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:47:49.0154 0x1648 Disk - ok
12:47:49.0189 0x1648 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:47:49.0207 0x1648 Dnscache - ok
12:47:49.0244 0x1648 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
12:47:49.0301 0x1648 dot3svc - ok
12:47:49.0331 0x1648 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
12:47:49.0394 0x1648 DPS - ok
12:47:49.0420 0x1648 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:47:49.0435 0x1648 drmkaud - ok
12:47:49.0474 0x1648 [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:47:49.0492 0x1648 dtsoftbus01 - ok
12:47:49.0548 0x1648 [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:47:49.0584 0x1648 DXGKrnl - ok
12:47:49.0606 0x1648 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
12:47:49.0641 0x1648 EapHost - ok
12:47:49.0772 0x1648 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:47:49.0875 0x1648 ebdrv - ok
12:47:49.0904 0x1648 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS C:\Windows\System32\lsass.exe
12:47:49.0918 0x1648 EFS - ok
12:47:49.0971 0x1648 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:47:50.0003 0x1648 ehRecvr - ok
12:47:50.0033 0x1648 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
12:47:50.0050 0x1648 ehSched - ok
12:47:50.0087 0x1648 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:47:50.0112 0x1648 elxstor - ok
12:47:50.0135 0x1648 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:47:50.0148 0x1648 ErrDev - ok
12:47:50.0177 0x1648 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
12:47:50.0221 0x1648 EventSystem - ok
12:47:50.0271 0x1648 [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:47:50.0288 0x1648 ew_hwusbdev - ok
12:47:50.0328 0x1648 [ 55E0EDA185869F7EA67EA97FD0655B39, D4A51E383102AA48F022EFCA08FAC389336A22C1DF60E17815117EFA60716964 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
12:47:50.0356 0x1648 ew_usbenumfilter - ok
12:47:50.0391 0x1648 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
12:47:50.0433 0x1648 exfat - ok
12:47:50.0484 0x1648 Fabs - ok
12:47:50.0511 0x1648 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:47:50.0563 0x1648 fastfat - ok
12:47:50.0603 0x1648 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
12:47:50.0634 0x1648 Fax - ok
12:47:50.0653 0x1648 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:47:50.0666 0x1648 fdc - ok
12:47:50.0700 0x1648 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
12:47:50.0733 0x1648 fdPHost - ok
12:47:50.0747 0x1648 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
12:47:50.0780 0x1648 FDResPub - ok
12:47:50.0793 0x1648 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:47:50.0807 0x1648 FileInfo - ok
12:47:50.0820 0x1648 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:47:50.0852 0x1648 Filetrace - ok
12:47:50.0972 0x1648 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:47:51.0070 0x1648 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )
12:47:51.0070 0x1648 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:47:54.0601 0x1648 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:47:54.0629 0x1648 flpydisk - ok
12:47:54.0668 0x1648 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:47:54.0686 0x1648 FltMgr - ok
12:47:54.0749 0x1648 [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache C:\Windows\system32\FntCache.dll
12:47:54.0794 0x1648 FontCache - ok
12:47:54.0838 0x1648 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:47:54.0849 0x1648 FontCache3.0.0.0 - ok
12:47:54.0866 0x1648 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:47:54.0879 0x1648 FsDepends - ok
12:47:54.0900 0x1648 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:47:54.0913 0x1648 Fs_Rec - ok
12:47:54.0959 0x1648 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:47:54.0994 0x1648 fvevol - ok
12:47:55.0019 0x1648 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:47:55.0032 0x1648 gagp30kx - ok
12:47:55.0102 0x1648 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
12:47:55.0159 0x1648 gpsvc - ok
12:47:55.0172 0x1648 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:47:55.0186 0x1648 hcw85cir - ok
12:47:55.0237 0x1648 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:47:55.0261 0x1648 HdAudAddService - ok
12:47:55.0286 0x1648 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:47:55.0304 0x1648 HDAudBus - ok
12:47:55.0326 0x1648 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:47:55.0339 0x1648 HidBatt - ok
12:47:55.0359 0x1648 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:47:55.0377 0x1648 HidBth - ok
12:47:55.0388 0x1648 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:47:55.0404 0x1648 HidIr - ok
12:47:55.0428 0x1648 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
12:47:55.0461 0x1648 hidserv - ok
12:47:55.0486 0x1648 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:47:55.0499 0x1648 HidUsb - ok
12:47:55.0533 0x1648 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:47:55.0566 0x1648 hkmsvc - ok
12:47:55.0625 0x1648 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:47:55.0662 0x1648 HomeGroupListener - ok
12:47:55.0700 0x1648 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:47:55.0728 0x1648 HomeGroupProvider - ok
12:47:55.0742 0x1648 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:47:55.0756 0x1648 HpSAMD - ok
12:47:55.0796 0x1648 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:47:55.0847 0x1648 HTTP - ok
12:47:55.0887 0x1648 [ 4DBBFCE863FE1B64C770EB53A3BA5860, DA77FB5D865779834CDCEE74200B9346FA3A4D0465F7A49C877ED6F786232CEF ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
12:47:55.0902 0x1648 huawei_cdcacm - ok
12:47:55.0913 0x1648 [ 1642C62F1FD5E1FF44608283994A7BB8, 4646AA0EF74A2AEE6C17D12206FCFE1E84D6FA712AD95A171F16D11BC9D3F11A ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:47:55.0928 0x1648 huawei_enumerator - ok
12:47:55.0949 0x1648 [ DF65F49F3A108AB509D675312FC896B8, E88F15DED4346E127F182B3D1DA2D1506998844212940281355C8ED96776141C ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
12:47:55.0962 0x1648 huawei_ext_ctrl - ok
12:47:55.0990 0x1648 [ 962032D69A8CA503F030F311CF4487B7, 1E4009A0CA6F73D02171D14FDCC875E5AD36C6CE50F1F1B1642741A0914703EB ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
12:47:56.0008 0x1648 huawei_wwanecm - ok
12:47:56.0089 0x1648 [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
12:47:56.0123 0x1648 HWDeviceService64.exe - ok
12:47:56.0136 0x1648 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:47:56.0148 0x1648 hwpolicy - ok
12:47:56.0191 0x1648 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:47:56.0207 0x1648 i8042prt - ok
12:47:56.0246 0x1648 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:47:56.0268 0x1648 iaStorV - ok
12:47:56.0323 0x1648 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:47:56.0354 0x1648 idsvc - ok
12:47:56.0384 0x1648 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:47:56.0397 0x1648 iirsp - ok
12:47:56.0443 0x1648 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
12:47:56.0497 0x1648 IKEEXT - ok
12:47:56.0514 0x1648 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
12:47:56.0527 0x1648 intelide - ok
12:47:56.0549 0x1648 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:47:56.0563 0x1648 intelppm - ok
12:47:56.0601 0x1648 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:47:56.0636 0x1648 IPBusEnum - ok
12:47:56.0666 0x1648 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:47:56.0698 0x1648 IpFilterDriver - ok
12:47:56.0734 0x1648 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:47:56.0762 0x1648 iphlpsvc - ok
12:47:56.0793 0x1648 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:47:56.0808 0x1648 IPMIDRV - ok
12:47:56.0826 0x1648 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:47:56.0861 0x1648 IPNAT - ok
12:47:56.0876 0x1648 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:47:56.0892 0x1648 IRENUM - ok
12:47:56.0901 0x1648 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:47:56.0914 0x1648 isapnp - ok
12:47:56.0937 0x1648 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:47:56.0955 0x1648 iScsiPrt - ok
12:47:56.0973 0x1648 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:47:56.0986 0x1648 kbdclass - ok
12:47:57.0013 0x1648 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:47:57.0027 0x1648 kbdhid - ok
12:47:57.0034 0x1648 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso C:\Windows\system32\lsass.exe
12:47:57.0048 0x1648 KeyIso - ok
12:47:57.0086 0x1648 [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:47:57.0100 0x1648 KSecDD - ok
12:47:57.0131 0x1648 [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:47:57.0146 0x1648 KSecPkg - ok
12:47:57.0151 0x1648 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:47:57.0183 0x1648 ksthunk - ok
12:47:57.0212 0x1648 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
12:47:57.0255 0x1648 KtmRm - ok
12:47:57.0290 0x1648 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:47:57.0327 0x1648 LanmanServer - ok
12:48:00.0893 0x1648 [ 0BCB418C2906852C6F9347A258FD5711, 14AB1F890A6C8679B94601924C95756EC5FF3973684CD19079B5DAFF028FE7B4 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
12:48:01.0049 0x1648 NIHardwareService - detected UnsignedFile.Multi.Generic ( 1 )
12:48:01.0049 0x1648 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
12:48:01.0049 0x1648 Force sending object to P2P due to detect: C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
12:48:11.0773 0x1648 Object send P2P result: true
12:48:22.0405 0x1648 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:48:22.0425 0x1648 TabletInputService - ok
12:48:22.0450 0x1648 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
12:48:22.0490 0x1648 TapiSrv - ok
12:48:22.0511 0x1648 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
12:48:22.0546 0x1648 TBS - ok
12:48:22.0620 0x1648 [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:48:22.0678 0x1648 Tcpip - ok
12:48:22.0738 0x1648 [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:48:22.0795 0x1648 TCPIP6 - ok
12:48:22.0832 0x1648 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:48:22.0845 0x1648 tcpipreg - ok
12:48:22.0874 0x1648 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:48:22.0887 0x1648 TDPIPE - ok
12:48:22.0910 0x1648 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:48:22.0922 0x1648 TDTCP - ok
12:48:22.0960 0x1648 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:48:22.0994 0x1648 tdx - ok
12:48:23.0029 0x1648 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
12:48:23.0042 0x1648 TermDD - ok
12:48:23.0083 0x1648 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
12:48:23.0133 0x1648 TermService - ok
12:48:23.0163 0x1648 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D, D973C4FE5B8D02B15476D72B49105840A04DBFF8BCB77117C0354D046E6C02FB ] Themes C:\Windows\system32\themeservice.dll
12:48:23.0169 0x1648 Themes - detected UnsignedFile.Multi.Generic ( 1 )
12:48:23.0169 0x1648 Themes ( UnsignedFile.Multi.Generic ) - warning
12:48:23.0169 0x1648 Force sending object to P2P due to detect: C:\Windows\system32\themeservice.dll
12:48:28.0631 0x1648 Object send P2P result: true
12:48:32.0072 0x1648 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
12:48:32.0121 0x1648 THREADORDER - ok
12:48:32.0137 0x1648 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
12:48:32.0173 0x1648 TrkWks - ok
12:48:32.0222 0x1648 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:48:32.0273 0x1648 TrustedInstaller - ok
12:48:32.0302 0x1648 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:48:32.0334 0x1648 tssecsrv - ok
12:48:32.0378 0x1648 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:48:32.0392 0x1648 TsUsbFlt - ok
12:48:32.0436 0x1648 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:48:32.0470 0x1648 tunnel - ok
12:48:32.0482 0x1648 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:48:32.0495 0x1648 uagp35 - ok
12:48:32.0587 0x1648 [ 63F6D08C54D5B3C1B12A6172032055C7, 87D872731D2C85E1A0ED3128CB7AB91AF00D830B0E4307054ABFD1D3900C990D ] uCamMonitor C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
12:48:32.0623 0x1648 uCamMonitor - ok
12:48:32.0656 0x1648 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:48:32.0695 0x1648 udfs - ok
12:48:32.0722 0x1648 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:48:32.0737 0x1648 UI0Detect - ok
12:48:32.0752 0x1648 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:48:32.0765 0x1648 uliagpkx - ok
12:48:32.0850 0x1648 [ 694BCF23662F97D987CF4C6739C35F8B, 6D7D57785C8F968514FAB383732F9E2FB15349369D17E3BD1C438B5E95EBD388 ] UltraMonUtility C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
12:48:32.0874 0x1648 UltraMonUtility - ok
12:48:32.0920 0x1648 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
12:48:32.0945 0x1648 umbus - ok
12:48:32.0970 0x1648 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:48:32.0983 0x1648 UmPass - ok
12:48:33.0010 0x1648 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
12:48:33.0052 0x1648 upnphost - ok
12:48:33.0087 0x1648 [ AA33FC47ED58C34E6E9261E4F850B7EB, C6388127CAA695434ABFB6C59A53C8544E67E414012DE5F21B36D035BB1BACC8 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:48:33.0093 0x1648 USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
12:48:33.0093 0x1648 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:48:36.0585 0x1648 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A, DE1CDDEEF2285CC8387E88ACB13C000576DC8819DF6DC648C988068B5C83BB15 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:48:36.0639 0x1648 usbaudio - ok
12:48:36.0672 0x1648 [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:48:36.0691 0x1648 usbccgp - ok
12:48:36.0711 0x1648 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:48:36.0728 0x1648 usbcir - ok
12:48:36.0748 0x1648 [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:48:36.0761 0x1648 usbehci - ok
12:48:36.0785 0x1648 [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:48:36.0807 0x1648 usbhub - ok
12:48:36.0818 0x1648 [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:48:36.0831 0x1648 usbohci - ok
12:48:36.0854 0x1648 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:48:36.0869 0x1648 usbprint - ok
12:48:36.0896 0x1648 [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:48:36.0912 0x1648 usbscan - ok
12:48:36.0930 0x1648 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:48:36.0945 0x1648 USBSTOR - ok
12:48:36.0964 0x1648 [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:48:36.0977 0x1648 usbuhci - ok
12:48:37.0003 0x1648 [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:48:37.0023 0x1648 usbvideo - ok
12:48:37.0046 0x1648 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
12:48:37.0080 0x1648 UxSms - ok
12:48:37.0092 0x1648 [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc C:\Windows\system32\lsass.exe
12:48:37.0105 0x1648 VaultSvc - ok
12:48:37.0132 0x1648 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:48:37.0145 0x1648 vdrvroot - ok
12:48:37.0212 0x1648 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
12:48:37.0259 0x1648 vds - ok
12:48:37.0281 0x1648 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:48:37.0296 0x1648 vga - ok
12:48:37.0301 0x1648 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:48:37.0334 0x1648 VgaSave - ok
12:48:37.0356 0x1648 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:48:37.0373 0x1648 vhdmp - ok
12:48:37.0495 0x1648 [ E066AA9C9866C2001372486A6841108C, 648E39962EDB3D77FBB5E2D5B603E16240AADE181A20E8778EE3D8847E4C0984 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
12:48:37.0558 0x1648 VIAHdAudAddService - ok
12:48:37.0591 0x1648 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
12:48:37.0603 0x1648 viaide - ok
12:48:37.0630 0x1648 [ 1236737C7993FB462610E1A0AA92C40B, 85385740AE7F885ACD605860AB2642DAC7456BB26C6615DAA9EE02AF54FEF77C ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
12:48:37.0641 0x1648 VIAKaraokeService - ok
12:48:37.0672 0x1648 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:48:37.0686 0x1648 volmgr - ok
12:48:37.0722 0x1648 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:48:37.0743 0x1648 volmgrx - ok
12:48:37.0760 0x1648 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:48:37.0779 0x1648 volsnap - ok
12:48:37.0810 0x1648 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:48:37.0826 0x1648 vsmraid - ok
12:48:37.0901 0x1648 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
12:48:37.0977 0x1648 VSS - ok
12:48:37.0989 0x1648 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:48:38.0004 0x1648 vwifibus - ok
12:48:38.0033 0x1648 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
12:48:38.0077 0x1648 W32Time - ok
12:48:38.0085 0x1648 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:48:38.0098 0x1648 WacomPen - ok
12:48:38.0118 0x1648 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:48:38.0152 0x1648 WANARP - ok
12:48:38.0157 0x1648 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:48:38.0190 0x1648 Wanarpv6 - ok
12:48:38.0315 0x1648 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:48:38.0360 0x1648 WatAdminSvc - ok
12:48:38.0425 0x1648 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
12:48:38.0480 0x1648 wbengine - ok
12:48:38.0498 0x1648 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:48:38.0521 0x1648 WbioSrvc - ok
12:48:38.0550 0x1648 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:48:38.0578 0x1648 wcncsvc - ok
12:48:38.0583 0x1648 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:48:38.0597 0x1648 WcsPlugInService - ok
12:48:38.0611 0x1648 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:48:38.0624 0x1648 Wd - ok
12:48:38.0674 0x1648 [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:48:38.0708 0x1648 Wdf01000 - ok
12:48:38.0734 0x1648 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:48:38.0754 0x1648 WdiServiceHost - ok
12:48:38.0759 0x1648 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:48:38.0779 0x1648 WdiSystemHost - ok
12:48:38.0810 0x1648 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
12:48:38.0835 0x1648 WebClient - ok
12:48:38.0844 0x1648 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:48:38.0884 0x1648 Wecsvc - ok
12:48:38.0903 0x1648 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:48:38.0938 0x1648 wercplsupport - ok
12:48:38.0968 0x1648 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
12:48:39.0003 0x1648 WerSvc - ok
12:48:39.0030 0x1648 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:48:39.0062 0x1648 WfpLwf - ok
12:48:39.0077 0x1648 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:48:39.0090 0x1648 WIMMount - ok
12:48:39.0100 0x1648 WinDefend - ok
12:48:39.0108 0x1648 WinHttpAutoProxySvc - ok
12:48:39.0159 0x1648 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:48:39.0197 0x1648 Winmgmt - ok
12:48:39.0275 0x1648 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
12:48:39.0361 0x1648 WinRM - ok
12:48:39.0414 0x1648 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:48:39.0456 0x1648 Wlansvc - ok
12:48:39.0491 0x1648 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:48:39.0524 0x1648 WmiAcpi - ok
12:48:39.0551 0x1648 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:48:39.0576 0x1648 wmiApSrv - ok
12:48:39.0649 0x1648 WMPNetworkSvc - ok
12:48:39.0689 0x1648 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:48:39.0731 0x1648 WPCSvc - ok
12:48:39.0780 0x1648 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:48:39.0804 0x1648 WPDBusEnum - ok
12:48:39.0825 0x1648 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:48:39.0864 0x1648 ws2ifsl - ok
12:48:39.0882 0x1648 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
12:48:39.0901 0x1648 wscsvc - ok
12:48:39.0905 0x1648 WSearch - ok
12:48:40.0000 0x1648 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
12:48:40.0071 0x1648 wuauserv - ok
12:48:40.0097 0x1648 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:48:40.0112 0x1648 WudfPf - ok
12:48:40.0130 0x1648 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:48:40.0147 0x1648 WUDFRd - ok
12:48:40.0176 0x1648 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:48:40.0192 0x1648 wudfsvc - ok
12:48:40.0207 0x1648 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:48:40.0230 0x1648 WwanSvc - ok
12:48:40.0250 0x1648 ================ Scan global ===============================
12:48:40.0270 0x1648 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:48:40.0318 0x1648 [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
12:48:40.0344 0x1648 [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
12:48:40.0365 0x1648 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:48:40.0389 0x1648 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:48:40.0397 0x1648 [ Global ] - ok
12:48:40.0397 0x1648 ================ Scan MBR ==================================
12:48:40.0405 0x1648 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:48:40.0612 0x1648 \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
12:48:40.0612 0x1648 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:48:45.0603 0x1648 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:48:46.0187 0x1648 \Device\Harddisk1\DR1 - ok
12:48:46.0188 0x1648 ================ Scan VBR ==================================
12:48:46.0207 0x1648 [ 3BC10CC88F8FF85B03E89CD213821088 ] \Device\Harddisk0\DR0\Partition1
12:48:46.0210 0x1648 \Device\Harddisk0\DR0\Partition1 - ok
12:48:46.0216 0x1648 [ A111A0C79CA26FDF4F2C70BAA0C74470 ] \Device\Harddisk0\DR0\Partition2
12:48:46.0217 0x1648 \Device\Harddisk0\DR0\Partition2 - ok
12:48:46.0236 0x1648 [ A4F77465873C192D70DF959EED11E027 ] \Device\Harddisk0\DR0\Partition3
12:48:46.0238 0x1648 \Device\Harddisk0\DR0\Partition3 - ok
12:48:46.0243 0x1648 [ E2794B1FBCB7F4AF57EF3A5AD04BB417 ] \Device\Harddisk1\DR1\Partition1
12:48:46.0246 0x1648 \Device\Harddisk1\DR1\Partition1 - ok
12:48:46.0261 0x1648 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.2.234 ), 0x41000 ( enabled : updated )
12:48:46.0265 0x1648 Win FW state via NFP2: enabled
12:48:49.0554 0x1648 ============================================================
12:48:49.0554 0x1648 Scan finished
12:48:49.0554 0x1648 ============================================================
12:48:49.0574 0x10ec Detected object count: 6
12:48:49.0574 0x10ec Actual detected object count: 6
12:49:22.0826 0x10ec BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:22.0826 0x10ec BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:22.0829 0x10ec FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:22.0829 0x10ec FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:22.0831 0x10ec NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:22.0832 0x10ec NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:22.0834 0x10ec Themes ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:22.0834 0x10ec Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:22.0837 0x10ec USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:49:22.0837 0x10ec USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:49:22.0857 0x10ec \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
12:49:22.0859 0x10ec \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
12:49:22.0860 0x10ec \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
12:49:22.0862 0x10ec \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
12:49:22.0864 0x10ec \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
12:49:22.0866 0x10ec \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
12:49:22.0868 0x10ec \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
12:49:22.0871 0x10ec \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
12:49:22.0873 0x10ec \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
12:49:22.0876 0x10ec \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:49:22.0879 0x10ec \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:49:22.0881 0x10ec \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:49:22.0884 0x10ec \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:49:22.0886 0x10ec \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
12:49:22.0889 0x10ec \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
12:49:22.0892 0x10ec \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
12:49:22.0895 0x10ec \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
12:49:22.0903 0x10ec \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
12:49:22.0908 0x10ec \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
12:49:22.0914 0x10ec \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
12:49:22.0950 0x10ec \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
12:49:22.0956 0x10ec \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
12:49:23.0144 0x10ec \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
12:49:23.0149 0x10ec \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
12:49:23.0152 0x10ec \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
12:49:23.0171 0x10ec \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
12:49:23.0172 0x10ec \Device\Harddisk0\DR0\TDLFS - deleted
12:49:23.0172 0x10ec \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
12:49:41.0698 0x1104 Deinitialize success

Old 29.12.2013, 13:19   #10
Durkadenz

And here is the new FRST log:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013
Ran by Christian (administrator) on SERENITY on 29-12-2013 13:05:11
Running from C:\Users\Christian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
() C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Felix 'SniperBeamer' Geyer) C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(TODO: <Company name>) C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe
(Farbar) C:\Users\Christian\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Monitor] - C:\Windows\PixArt\Pac207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2011-11-15] (Power Software Ltd)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini [334 2012-05-15] ()
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VIAJDS] - C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe [458752 2009-12-08] (TODO: <Company name>)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-19] (Google Inc.)
HKCU\...\Run: [LightShot] - C:\Users\Christian\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
MountPoints2: G - G:\AutoRun.exe
MountPoints2: I - I:\AutoRun.exe
MountPoints2: P - P:\AutoRun.exe
MountPoints2: {00c06d96-0ffd-11e3-9047-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {00c06da7-0ffd-11e3-9047-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {7b0b37b1-8044-11e2-b239-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {7b0b37c1-8044-11e2-b239-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {7b0b37d0-8044-11e2-b239-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {b9af0a03-a139-11e2-bd8f-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {b9af0a18-a139-11e2-bd8f-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {b9af0a30-a139-11e2-bd8f-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {c090c0e4-19ea-11e3-837e-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a3563-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a3580-a1ff-11e2-8443-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {d87a359f-a1ff-11e2-8443-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {d87a35b2-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a35c1-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {d87a35d1-a1ff-11e2-8443-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {f9481e39-77a8-11e2-854d-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {f9481e5f-77a8-11e2-854d-0026189bbce8} - I:\AutoRun.exe
MountPoints2: {fe8e0010-72b2-11e2-bcb8-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {fe8e0020-72b2-11e2-bcb8-0026189bbce8} - P:\AutoRun.exe
MountPoints2: {fe8e0054-72b2-11e2-bcb8-0026189bbce8} - G:\AutoRun.exe
MountPoints2: {fe8e0063-72b2-11e2-bcb8-0026189bbce8} - G:\AutoRun.exe
AppInit_DLLs-x32: c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll  [2202728 2012-12-25] ()
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F90FCAF7AE9CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=0113_3&babsrc=SP_ss&mntrId=663b62ae0000000000000026189bbce8
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {F61253DD-9A2B-4E20-BA6F-E85A70E25BA7} URL = hxxp://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
SearchScopes: HKCU - ëç÷Þb—ÍZÛ²Ì,¾¾wD>Aà[mW[¯¼¡>Õ§ŒÑèßOf”ÓI¶åD‹È@]Èjim-	s»™’ URL = 
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\..\Interfaces\{317A8E88-9FE3-420B-962A-9E9437D84357}: [NameServer]139.7.30.125 139.7.30.126
Tcpip\..\Interfaces\{C14D50A9-426C-41F4-A4AC-2736913AD760}: [NameServer]139.7.30.125 139.7.30.126

FireFox:
========
FF ProfilePath: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default
FF user.js: detected! => C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\user.js
FF NewTab: hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=NT_ss&mntrId=663b62ae0000000000000026189bbce8
FF Homepage: https://www.google.de/
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0-git-20120212-0402 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Christian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Christian\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Super Start - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\superstart@enjoyfreeware.org
FF Extension: EPUBReader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: Ghostery - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Stealthy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\stealthyextension@gmail.com.xpi
FF Extension: NoScript - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Spamavert.com - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{8e9008b4-ec7c-4c2a-828e-007d5d2dad22}.xpi
FF Extension: ImTranslator - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: BetterPrivacy - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\sn1cppd8.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: BrowserProtect - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome: 
=======
CHR HomePage: hxxp://search.babylon.com/?affID=110184&tt=0113_3&babsrc=HP_ss&mntrId=663b62ae0000000000000026189bbce8
CHR RestoreOnStartup: "hxxp://www.google.de/webhp?source=search_app"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Search the web (Babylon)
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=0113_3&babsrc=SP_ss&mntrId=663b62ae0000000000000026189bbce8
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Christian\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Screen Capture Plugin) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (Google Update) - C:\Users\Christian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (YouTube) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Search Assistant ) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn\2.0.0
CHR Extension: (K-ON!) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijlppfhlfgamaofmpafjpibhdmmcbde\3_0
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: () - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0
CHR Extension: (Gmail) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Christian\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-27] (Avira Operations GmbH & Co. KG)
R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2547816 2012-12-25] ()
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-12-19] (Nitro PDF Software)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-06] (Pandora.TV)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-03-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-27] (Avira Operations GmbH & Co. KG)
S3 BEHRINGER_2902; C:\Windows\System32\Drivers\BUSB2902.sys [460864 2009-10-30] (BEHRINGER)
S3 BEHRINGER_2902; C:\Windows\SysWow64\Drivers\BUSB2902.sys [340480 2007-11-06] (BEHRINGER)
S3 BUSB_AUDIO_WDM; C:\Windows\System32\drivers\busbwdm.sys [49728 2009-10-30] (BEHRINGER)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-31] (DT Soft Ltd)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2013-08-28] (Huawei Technologies Co., Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-29 13:00 - 2013-12-29 13:04 - 01931262 _____ (Farbar) C:\Users\Christian\Downloads\FRST64(1).exe
2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-29 12:01 - 2013-12-29 12:05 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(3).exe
2013-12-29 09:54 - 2013-12-29 12:54 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-12-28 12:12 - 2013-12-28 12:21 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\TDSSKiller19.exe
2013-12-28 12:03 - 2013-12-28 12:06 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(2).exe
2013-12-28 11:59 - 2013-12-28 12:02 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(1).exe
2013-12-28 11:55 - 2013-12-28 11:58 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller.exe
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-12-27 10:57 - 2013-12-27 10:57 - 00033205 _____ C:\Users\Christian\Desktop\Gmer.txt
2013-12-27 10:39 - 2013-12-27 10:41 - 00377856 _____ C:\Users\Christian\Downloads\gmer_2.1.19163.exe
2013-12-27 10:35 - 2013-12-27 10:35 - 00053850 _____ C:\Users\Christian\Desktop\Addition.txt
2013-12-27 10:35 - 2013-12-27 10:35 - 00051341 _____ C:\Users\Christian\Desktop\FRST.txt
2013-12-27 10:33 - 2013-12-27 10:34 - 00053850 _____ C:\Users\Christian\Downloads\Addition.txt
2013-12-27 10:29 - 2013-12-29 13:05 - 00028589 _____ C:\Users\Christian\Downloads\FRST.txt
2013-12-27 10:29 - 2013-12-29 12:58 - 00000000 ____D C:\FRST
2013-12-27 10:20 - 2013-12-27 10:28 - 01928716 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-12-27 10:13 - 2013-12-27 10:13 - 00000660 _____ C:\Users\Christian\Downloads\defogger_disable.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000188 _____ C:\Users\Christian\defogger_reenable
2013-12-27 10:12 - 2013-12-27 10:12 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2013-12-27 04:16 - 2013-12-27 11:47 - 00012056 _____ C:\Users\Christian\Desktop\Ereignisse.txt
2013-12-26 22:24 - 2013-12-26 22:24 - 00037348 _____ C:\Users\Christian\Downloads\colors_of_autumn.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00095742 _____ C:\Users\Christian\Downloads\lovely_excuse.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00019571 _____ C:\Users\Christian\Downloads\the_quick.zip
2013-12-26 22:20 - 2013-12-26 22:20 - 00032855 _____ C:\Users\Christian\Downloads\the_blue_oasis.zip
2013-12-26 22:09 - 2013-12-26 22:12 - 00110523 _____ C:\Users\Christian\Downloads\vtks_inked.zip
2013-12-26 22:08 - 2013-12-26 22:11 - 00429375 _____ C:\Users\Christian\Downloads\basterds.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00050419 _____ C:\Users\Christian\Downloads\from_where_you_are.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00025583 _____ C:\Users\Christian\Downloads\beginning_yoga.zip
2013-12-26 22:07 - 2013-12-26 22:08 - 00025090 _____ C:\Users\Christian\Downloads\lasting_love.zip
2013-12-26 22:06 - 2013-12-26 22:07 - 00122938 _____ C:\Users\Christian\Downloads\praying_angel.zip
2013-12-26 22:06 - 2013-12-26 22:07 - 00120623 _____ C:\Users\Christian\Downloads\a_brush_no.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00047131 _____ C:\Users\Christian\Downloads\leap_of_faith.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00014544 _____ C:\Users\Christian\Downloads\beginning_of_summer.zip
2013-12-26 22:05 - 2013-12-26 22:05 - 00018277 _____ C:\Users\Christian\Downloads\da_streets.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00094223 _____ C:\Users\Christian\Downloads\skinny_jeans.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00058703 _____ C:\Users\Christian\Downloads\nkotb_fever.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00047466 _____ C:\Users\Christian\Downloads\manga_temple.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00041602 _____ C:\Users\Christian\Downloads\international_playboy.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00035947 _____ C:\Users\Christian\Downloads\creator_credits.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00048371 _____ C:\Users\Christian\Downloads\blowhole.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00044382 _____ C:\Users\Christian\Downloads\zud_juice.zip
2013-12-26 21:32 - 2013-12-26 21:34 - 00255162 _____ C:\Users\Christian\Downloads\fish_fingers.zip
2013-12-26 21:32 - 2013-12-26 21:34 - 00142667 _____ C:\Users\Christian\Downloads\minya_nouvelle.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00089325 _____ C:\Users\Christian\Downloads\mandroid.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00026950 _____ C:\Users\Christian\Downloads\eight_years_later.zip
2013-12-26 21:27 - 2013-12-26 21:28 - 00045280 _____ C:\Users\Christian\Downloads\candy_stripe.zip
2013-12-26 21:24 - 2013-12-26 21:28 - 00285121 _____ C:\Users\Christian\Downloads\childs_play.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00040598 _____ C:\Users\Christian\Downloads\brown_bear_funk.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00023739 _____ C:\Users\Christian\Downloads\bottle_rocket.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00025439 _____ C:\Users\Christian\Downloads\blam_blam.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00022391 _____ C:\Users\Christian\Downloads\black_boys_on_mopeds.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00094590 _____ C:\Users\Christian\Downloads\acme_secret_agent.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00055656 _____ C:\Users\Christian\Downloads\anime_ace.zip
2013-12-26 21:20 - 2013-12-26 21:21 - 00073281 _____ C:\Users\Christian\Downloads\achilles.zip
2013-12-23 09:58 - 2013-12-23 16:08 - 106512568 _____ C:\Windows\SysWOW64\藽嬴–
2013-12-23 09:54 - 2013-12-23 10:12 - 00001822 _____ C:\Users\Christian\Desktop\Beschreibungen_aS.txt
2013-12-22 23:49 - 2013-12-22 23:49 - 00000000 ____D C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious]
2013-12-22 23:43 - 2013-12-22 23:49 - 03506155 _____ C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious].zip
2013-12-22 10:48 - 2013-12-22 10:50 - 00000000 ____D C:\Users\Christian\Desktop\Bilder_aS_Profil
2013-12-18 03:59 - 2013-12-18 03:59 - 00181083 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_04Uhr00_Final_v2.xlsm
2013-12-18 03:38 - 2013-12-18 03:54 - 00181073 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_03Uhr30_v2.xlsm
2013-12-18 03:13 - 2013-12-18 03:13 - 00004172 _____ C:\Users\Christian\Desktop\Wenn_DANN_Formeln.txt
2013-12-18 02:25 - 2013-12-18 03:03 - 00186431 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr30_v2.xlsm
2013-12-18 02:11 - 2013-12-18 02:18 - 00184676 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00_v2.xlsm
2013-12-18 02:04 - 2013-12-18 02:04 - 00183765 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00.xlsm
2013-12-18 01:27 - 2013-12-18 01:44 - 00187441 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr30.xlsm
2013-12-18 00:58 - 2013-12-18 00:58 - 00183247 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr00.xlsm
2013-12-18 00:28 - 2013-12-18 00:28 - 00182185 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr30.xlsm
2013-12-18 00:01 - 2013-12-18 00:20 - 00181437 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr00.xlsm
2013-12-17 22:33 - 2013-12-17 22:33 - 00000000 _____ C:\Users\Christian\Desktop\Neues Textdokument.txt
2013-12-17 21:16 - 2013-12-17 23:51 - 00180663 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_21Uhr15.xlsm
2013-12-17 20:57 - 2013-12-17 21:03 - 00184068 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU.xlsm
2013-12-16 20:10 - 2013-12-16 20:10 - 00024012 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest.xlsm
2013-12-16 20:08 - 2013-12-16 17:20 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF_2.xlsm
2013-12-16 20:08 - 2013-12-16 17:20 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF.xlsm
2013-12-15 19:06 - 2013-12-15 19:06 - 00014918 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest-2.xlsm
2013-12-14 13:35 - 2013-12-14 13:35 - 00068096 _____ C:\Users\Christian\Desktop\Kopie von BeispielUserForms.xls
2013-12-11 19:29 - 2012-08-09 11:40 - 00031232 _____ C:\Users\Christian\Desktop\test.xls
2013-12-09 21:21 - 2013-12-09 21:23 - 00780800 _____ C:\Users\Christian\Downloads\2007-2010_windows_7_vor_update.zip
2013-12-08 15:42 - 2013-12-08 15:48 - 01616864 _____ C:\Users\Christian\Downloads\[Payapaya]_Yurika_no_Campus_Life_Chapter_1.zip
2013-12-05 22:18 - 2013-12-05 22:24 - 03542704 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba](1).zip
2013-12-05 22:14 - 2013-12-05 22:18 - 02275256 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2013-12-05 08:59 - 2013-12-10 16:28 - 00000000 ____D C:\Users\Christian\Desktop\rivat
2013-12-03 21:16 - 2013-12-29 11:39 - 00000000 ____D C:\Users\Christian\Desktop\dj
2013-12-01 10:59 - 2013-12-08 21:36 - 00317339 _____ C:\Users\Christian\Desktop\Mangaliste_2.xlsm
2013-11-30 11:31 - 2013-11-30 11:30 - 02235763 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v02_the_sighs_of_suzumiya_haruhi_n.epub
2013-11-30 11:21 - 2013-11-30 11:19 - 02243783 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v01_the_melancholy_of_suzumiya_har.epub

==================== One Month Modified Files and Folders =======

2013-12-29 13:05 - 2013-12-27 10:29 - 00028589 _____ C:\Users\Christian\Downloads\FRST.txt
2013-12-29 13:04 - 2013-12-29 13:00 - 01931262 _____ (Farbar) C:\Users\Christian\Downloads\FRST64(1).exe
2013-12-29 12:58 - 2013-12-27 10:29 - 00000000 ____D C:\FRST
2013-12-29 12:54 - 2013-12-29 09:54 - 00003432 _____ C:\Windows\System32\Tasks\BrowserProtect
2013-12-29 12:49 - 2013-12-29 12:49 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-29 12:45 - 2012-03-31 15:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-29 12:42 - 2012-02-19 22:17 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA.job
2013-12-29 12:05 - 2013-12-29 12:01 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(3).exe
2013-12-29 11:53 - 2012-02-19 23:39 - 00000396 _____ C:\Windows\Tasks\update-S-1-5-21-794549961-1181347935-302815916-1001.job
2013-12-29 11:39 - 2013-12-03 21:16 - 00000000 ____D C:\Users\Christian\Desktop\dj
2013-12-29 11:16 - 2012-02-19 23:39 - 00000396 _____ C:\Windows\Tasks\update-sys.job
2013-12-29 11:02 - 2012-04-07 09:08 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Nitro PDF
2013-12-29 10:11 - 2012-02-17 16:18 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Winamp
2013-12-29 10:02 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-29 10:02 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-29 10:00 - 2009-07-14 18:58 - 01284002 _____ C:\Windows\system32\perfh007.dat
2013-12-29 10:00 - 2009-07-14 18:58 - 00680220 _____ C:\Windows\system32\perfc007.dat
2013-12-29 10:00 - 2009-07-14 06:13 - 00006666 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-29 09:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-29 09:54 - 2009-07-14 05:51 - 13994807 _____ C:\Windows\setupact.log
2013-12-29 04:04 - 2012-02-12 11:50 - 01608123 _____ C:\Windows\WindowsUpdate.log
2013-12-28 21:42 - 2012-02-19 22:17 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core.job
2013-12-28 12:21 - 2013-12-28 12:12 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Christian\Downloads\TDSSKiller19.exe
2013-12-28 12:06 - 2013-12-28 12:03 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(2).exe
2013-12-28 12:02 - 2013-12-28 11:59 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller(1).exe
2013-12-28 11:58 - 2013-12-28 11:55 - 01048400 _____ C:\Users\Christian\Downloads\tdsskiller.exe
2013-12-27 22:13 - 2012-02-13 00:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-27 20:23 - 2013-12-27 20:23 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes
2013-12-27 11:47 - 2013-12-27 04:16 - 00012056 _____ C:\Users\Christian\Desktop\Ereignisse.txt
2013-12-27 10:57 - 2013-12-27 10:57 - 00033205 _____ C:\Users\Christian\Desktop\Gmer.txt
2013-12-27 10:41 - 2013-12-27 10:39 - 00377856 _____ C:\Users\Christian\Downloads\gmer_2.1.19163.exe
2013-12-27 10:35 - 2013-12-27 10:35 - 00053850 _____ C:\Users\Christian\Desktop\Addition.txt
2013-12-27 10:35 - 2013-12-27 10:35 - 00051341 _____ C:\Users\Christian\Desktop\FRST.txt
2013-12-27 10:34 - 2013-12-27 10:33 - 00053850 _____ C:\Users\Christian\Downloads\Addition.txt
2013-12-27 10:28 - 2013-12-27 10:20 - 01928716 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2013-12-27 10:13 - 2013-12-27 10:13 - 00000660 _____ C:\Users\Christian\Downloads\defogger_disable.log
2013-12-27 10:13 - 2013-12-27 10:13 - 00000188 _____ C:\Users\Christian\defogger_reenable
2013-12-27 10:13 - 2012-02-12 11:55 - 00000000 ____D C:\Users\Christian
2013-12-27 10:12 - 2013-12-27 10:12 - 00050477 _____ C:\Users\Christian\Downloads\Defogger.exe
2013-12-27 01:57 - 2013-06-28 21:12 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-27 01:57 - 2013-06-28 21:12 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-12-26 22:24 - 2013-12-26 22:24 - 00037348 _____ C:\Users\Christian\Downloads\colors_of_autumn.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00095742 _____ C:\Users\Christian\Downloads\lovely_excuse.zip
2013-12-26 22:23 - 2013-12-26 22:23 - 00019571 _____ C:\Users\Christian\Downloads\the_quick.zip
2013-12-26 22:20 - 2013-12-26 22:20 - 00032855 _____ C:\Users\Christian\Downloads\the_blue_oasis.zip
2013-12-26 22:12 - 2013-12-26 22:09 - 00110523 _____ C:\Users\Christian\Downloads\vtks_inked.zip
2013-12-26 22:11 - 2013-12-26 22:08 - 00429375 _____ C:\Users\Christian\Downloads\basterds.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00050419 _____ C:\Users\Christian\Downloads\from_where_you_are.zip
2013-12-26 22:08 - 2013-12-26 22:08 - 00025583 _____ C:\Users\Christian\Downloads\beginning_yoga.zip
2013-12-26 22:08 - 2013-12-26 22:07 - 00025090 _____ C:\Users\Christian\Downloads\lasting_love.zip
2013-12-26 22:07 - 2013-12-26 22:06 - 00122938 _____ C:\Users\Christian\Downloads\praying_angel.zip
2013-12-26 22:07 - 2013-12-26 22:06 - 00120623 _____ C:\Users\Christian\Downloads\a_brush_no.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00047131 _____ C:\Users\Christian\Downloads\leap_of_faith.zip
2013-12-26 22:06 - 2013-12-26 22:06 - 00014544 _____ C:\Users\Christian\Downloads\beginning_of_summer.zip
2013-12-26 22:05 - 2013-12-26 22:05 - 00018277 _____ C:\Users\Christian\Downloads\da_streets.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00094223 _____ C:\Users\Christian\Downloads\skinny_jeans.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00058703 _____ C:\Users\Christian\Downloads\nkotb_fever.zip
2013-12-26 21:35 - 2013-12-26 21:35 - 00047466 _____ C:\Users\Christian\Downloads\manga_temple.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00041602 _____ C:\Users\Christian\Downloads\international_playboy.zip
2013-12-26 21:34 - 2013-12-26 21:34 - 00035947 _____ C:\Users\Christian\Downloads\creator_credits.zip
2013-12-26 21:34 - 2013-12-26 21:32 - 00255162 _____ C:\Users\Christian\Downloads\fish_fingers.zip
2013-12-26 21:34 - 2013-12-26 21:32 - 00142667 _____ C:\Users\Christian\Downloads\minya_nouvelle.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00048371 _____ C:\Users\Christian\Downloads\blowhole.zip
2013-12-26 21:33 - 2013-12-26 21:33 - 00044382 _____ C:\Users\Christian\Downloads\zud_juice.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00089325 _____ C:\Users\Christian\Downloads\mandroid.zip
2013-12-26 21:32 - 2013-12-26 21:32 - 00026950 _____ C:\Users\Christian\Downloads\eight_years_later.zip
2013-12-26 21:28 - 2013-12-26 21:27 - 00045280 _____ C:\Users\Christian\Downloads\candy_stripe.zip
2013-12-26 21:28 - 2013-12-26 21:24 - 00285121 _____ C:\Users\Christian\Downloads\childs_play.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00040598 _____ C:\Users\Christian\Downloads\brown_bear_funk.zip
2013-12-26 21:24 - 2013-12-26 21:24 - 00023739 _____ C:\Users\Christian\Downloads\bottle_rocket.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00025439 _____ C:\Users\Christian\Downloads\blam_blam.zip
2013-12-26 21:23 - 2013-12-26 21:23 - 00022391 _____ C:\Users\Christian\Downloads\black_boys_on_mopeds.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00094590 _____ C:\Users\Christian\Downloads\acme_secret_agent.zip
2013-12-26 21:22 - 2013-12-26 21:22 - 00055656 _____ C:\Users\Christian\Downloads\anime_ace.zip
2013-12-26 21:21 - 2013-12-26 21:20 - 00073281 _____ C:\Users\Christian\Downloads\achilles.zip
2013-12-24 00:04 - 2012-05-20 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-23 16:08 - 2013-12-23 09:58 - 106512568 _____ C:\Windows\SysWOW64\藽嬴–
2013-12-23 10:12 - 2013-12-23 09:54 - 00001822 _____ C:\Users\Christian\Desktop\Beschreibungen_aS.txt
2013-12-23 09:40 - 2012-12-07 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-22 23:49 - 2013-12-22 23:49 - 00000000 ____D C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious]
2013-12-22 23:49 - 2013-12-22 23:43 - 03506155 _____ C:\Users\Christian\Downloads\31_Degrees_Celsius_[lililicious].zip
2013-12-22 10:50 - 2013-12-22 10:48 - 00000000 ____D C:\Users\Christian\Desktop\Bilder_aS_Profil
2013-12-20 11:30 - 2012-02-19 13:28 - 00000000 ____D C:\Users\Christian\AppData\Roaming\vlc
2013-12-19 15:51 - 2012-08-19 15:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-12-19 15:05 - 2013-08-08 15:08 - 00000000 ____D C:\Users\Christian\AppData\Roaming\KeePass
2013-12-18 03:59 - 2013-12-18 03:59 - 00181083 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_04Uhr00_Final_v2.xlsm
2013-12-18 03:54 - 2013-12-18 03:38 - 00181073 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_03Uhr30_v2.xlsm
2013-12-18 03:13 - 2013-12-18 03:13 - 00004172 _____ C:\Users\Christian\Desktop\Wenn_DANN_Formeln.txt
2013-12-18 03:03 - 2013-12-18 02:25 - 00186431 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr30_v2.xlsm
2013-12-18 02:18 - 2013-12-18 02:11 - 00184676 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00_v2.xlsm
2013-12-18 02:04 - 2013-12-18 02:04 - 00183765 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_02Uhr00.xlsm
2013-12-18 01:44 - 2013-12-18 01:27 - 00187441 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr30.xlsm
2013-12-18 00:58 - 2013-12-18 00:58 - 00183247 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_01Uhr00.xlsm
2013-12-18 00:28 - 2013-12-18 00:28 - 00182185 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr30.xlsm
2013-12-18 00:20 - 2013-12-18 00:01 - 00181437 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_00Uhr00.xlsm
2013-12-17 23:51 - 2013-12-17 21:16 - 00180663 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU_21Uhr15.xlsm
2013-12-17 22:33 - 2013-12-17 22:33 - 00000000 _____ C:\Users\Christian\Desktop\Neues Textdokument.txt
2013-12-17 21:03 - 2013-12-17 20:57 - 00184068 _____ C:\Users\Christian\Desktop\ENTSCHEIDUNG_TIER1_NEU.xlsm
2013-12-16 20:10 - 2013-12-16 20:10 - 00024012 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest.xlsm
2013-12-16 17:20 - 2013-12-16 20:08 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF_2.xlsm
2013-12-16 17:20 - 2013-12-16 20:08 - 00182787 _____ C:\Users\Christian\Desktop\Entscheidungshilfe_Tier-1_test2GANDALF.xlsm
2013-12-15 19:06 - 2013-12-15 19:06 - 00014918 _____ C:\Users\Christian\Desktop\Kopie von Kurosakitest-2.xlsm
2013-12-14 13:35 - 2013-12-14 13:35 - 00068096 _____ C:\Users\Christian\Desktop\Kopie von BeispielUserForms.xls
2013-12-11 20:27 - 2012-10-23 09:41 - 00000000 ____D C:\Users\Christian\Documents\Calibre Bibliothek
2013-12-10 16:28 - 2013-12-05 08:59 - 00000000 ____D C:\Users\Christian\Desktop\rivat
2013-12-09 21:23 - 2013-12-09 21:21 - 00780800 _____ C:\Users\Christian\Downloads\2007-2010_windows_7_vor_update.zip
2013-12-08 21:36 - 2013-12-01 10:59 - 00317339 _____ C:\Users\Christian\Desktop\Mangaliste_2.xlsm
2013-12-08 15:48 - 2013-12-08 15:42 - 01616864 _____ C:\Users\Christian\Downloads\[Payapaya]_Yurika_no_Campus_Life_Chapter_1.zip
2013-12-05 22:24 - 2013-12-05 22:18 - 03542704 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba](1).zip
2013-12-05 22:18 - 2013-12-05 22:14 - 02275256 _____ C:\Users\Christian\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2013-12-03 21:37 - 2012-02-19 22:17 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001UA
2013-12-03 21:37 - 2012-02-19 22:17 - 00003718 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-794549961-1181347935-302815916-1001Core
2013-11-30 11:30 - 2013-11-30 11:31 - 02235763 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v02_the_sighs_of_suzumiya_haruhi_n.epub
2013-11-30 11:19 - 2013-11-30 11:21 - 02243783 _____ C:\Users\Christian\Desktop\suzumiya_haruhi_v01_the_melancholy_of_suzumiya_har.epub

Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc_whql.exe
C:\Users\Christian\AppData\Local\Temp\AskSLib.dll
C:\Users\Christian\AppData\Local\Temp\avgnt.exe
C:\Users\Christian\AppData\Local\Temp\binkw32.dll
C:\Users\Christian\AppData\Local\Temp\d2l_Install.exe
C:\Users\Christian\AppData\Local\Temp\DTLite4454-0315.exe
C:\Users\Christian\AppData\Local\Temp\IcqUpdater.exe
C:\Users\Christian\AppData\Local\Temp\installerdll28338860.dll
C:\Users\Christian\AppData\Local\Temp\jna4221618882833569241.dll
C:\Users\Christian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.109.exe
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.113.exe
C:\Users\Christian\AppData\Local\Temp\ose00000.exe
C:\Users\Christian\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\Christian\AppData\Local\Temp\pyl3DB.tmp.exe
C:\Users\Christian\AppData\Local\Temp\RESTART.exe
C:\Users\Christian\AppData\Local\Temp\set0000.exe
C:\Users\Christian\AppData\Local\Temp\set0001.exe
C:\Users\Christian\AppData\Local\Temp\set0002.exe
C:\Users\Christian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christian\AppData\Local\Temp\sonarinst.exe
C:\Users\Christian\AppData\Local\Temp\tmp2338.exe
C:\Users\Christian\AppData\Local\Temp\tmp5C42.exe
C:\Users\Christian\AppData\Local\Temp\tmp5CCF.exe
C:\Users\Christian\AppData\Local\Temp\tmp6834.exe
C:\Users\Christian\AppData\Local\Temp\tmp8880.exe
C:\Users\Christian\AppData\Local\Temp\tmpA997.exe
C:\Users\Christian\AppData\Local\Temp\tmpD95D.exe
C:\Users\Christian\AppData\Local\Temp\tmpDDE0.exe
C:\Users\Christian\AppData\Local\Temp\tmpE168.exe
C:\Users\Christian\AppData\Local\Temp\tmpE8E7.exe
C:\Users\Christian\AppData\Local\Temp\tmpFC78.exe
C:\Users\Christian\AppData\Local\Temp\ydetect.exe
C:\Users\Christian\AppData\Local\Temp\_isACF3.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-20 00:39

==================== End Of Log ============================
         
--- --- ---

Alt 30.12.2013, 17:51   #11
sunjojo
/// Malwareteam
 

Step 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper instructs you to.


Post the following log files in your next reply:
  • MBAR scan
__________________
Regards,

Jonas

Alt 30.12.2013, 18:47   #12
Durkadenz
 

Hi.

So, I just ran the scan, and it finds 61 infected objects. However, I don't see a CleanUp button. Here is the log:


Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Datenbank Version: v2013.12.30.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: SERENITY [Administrator]

30.12.2013 18:29:36
MBAM-log-2013-12-30 (18-45-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238443
Laufzeit: 14 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 16
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: Babylon Search -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 5
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BProtector) -> Bösartig: (c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll) Gut: () -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}) Gut: (Google) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}) Gut: (Google) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}) Gut: (Google) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=DE&userid=70185bdf-f9aa-4cb1-ab25-40255259940c&searchtype=ds&q={searchTerms}) Gut: (Google) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 9
C:\Users\Christian\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\FF (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\IE (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.7.2 (PUP.Optional.BabylonToolbar.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 29
C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BProtector) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\KMP_3.3.0.33.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\KMP_3.4.0.59.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\KMP_3.5.0.77.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\KMP_3.6.0.87.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.109.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\KMP_3.7.0.113.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\DA4CB950-BAB0-7891-ABDC-0464DAF3932D\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\DA4CB950-BAB0-7891-ABDC-0464DAF3932D\Latest\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\is-95GPI.tmp\is-95GPI.tmp.exe (Riskware.InstallMonetizer) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Temp\smartbar\Installer.msi (PUP.Optional.SmartBar.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\Downloads\AllHM.rar.exe (PUP.Optional.OneClickDownloader.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\Downloads\passwordfox_136.zip (PUP.PSW.PassFox) -> Keine Aktion durchgeführt.
C:\Users\Christian\Downloads\SoftonicDownloader_fuer_dev-c.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\Downloads\SoftonicDownloader_fuer_nexus.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\Downloads\SoftonicDownloader_fuer_rocketdock.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\Downloads\winamp5623_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\CR\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\FF\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\IE\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\Shared\BabyTBConf.ini (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Christian\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.

(Ende)

Alt 30.12.2013, 19:00   #13
sunjojo
/// Malwareteam
 

Quote:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware
That is Malwarebytes Anti-Malware, not Malwarebytes Anti-Rootkit. Please read the step through carefully again and download the file from the link provided.
__________________
Regards,

Jonas

Edited by sunjojo (30.12.2013 at 19:32)

Alt 30.12.2013, 22:54   #14
Durkadenz
 

Meh, that was dumb of me. Sorry. Right. It ran through, and I pressed the Cleanup button. After the restart, at least my Avira did not pop up, which it otherwise always did. Another check is running right now, but here is the log from the previous one:

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
Malwarebytes : Free Anti-Malware

Database version: v2013.12.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: SERENITY [administrator]

30.12.2013 20:04:31
mbar-log-2013-12-30 (20-04-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 275955
Time elapsed: 27 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Christian\AppData\Local\Temp\is-95GPI.tmp\is-95GPI.tmp.exe (Riskware.InstallMonetizer) -> Delete on reboot.

Physical Sectors Detected: 1
Physical Sector #976771072 on Drive #0 (Rootkit.Alureon.E.VBR) -> Replace on reboot.

(end)

OK, so the new scan has finished, and here too nothing more is found:


Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: SERENITY [administrator]

30.12.2013 22:15:52
mbar-log-2013-12-30 (22-15-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 274751
Time elapsed: 33 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Alt 31.12.2013, 11:52   #15
sunjojo
/// Malwareteam
 

Step 1
Please uninstall the following programs:
  • Babylon Chrome Toolbar
  • Babylon toolbar
  • BrowserProtect
To do so, go to:
Windows Vista/7: Start -> Control Panel -> set View by (top right) to Category (if not already set) -> Uninstall a program (under Programs)
Windows XP: Start -> Control Panel -> Category View (if not already set) -> Add or Remove Programs
and select the listed programs. Click Remove (Windows XP) or Uninstall (Windows Vista/7).

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 3
Run FRST once more.
  • Do not change any of the default settings and click Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.



Post the following log files in your next reply:
  • AdwCleaner scan
  • FRST scan
__________________
Regards,

Jonas

Archiv
Du betrachtest: Nach Avira Update: Win 7- BOO/TDss.O wurde im Masterbootsektor gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.