WindowsVista: TrojanerRootkitfund, Virenprogramme deaktiviert

Jugi · 26.06.2014, 00:45

Hallö alle miteinander

,

nachdem der Laptop einer Freundin alle Sicherheitsanwendungen deaktiviert hat (Avira, Windows Defender, Windows Updates etc.), führten wir einen Scan mittels Malwarebytes durch, der folgendes Ergebnis brachte:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.06.2014
Suchlauf-Zeit: 23:25:28
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.25.18
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Krissi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 317338
Verstrichene Zeit: 10 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 20
Trojan.Rootkit.Nec, c:\Windows\System32\drivers\ada747308081ce1.sys, , [d0e6fb81e5963ff745ba4a3de021649c], 
Exploit.Drop.GS, c:\Users\TEMP\AppData\Local\Temp\syshost.exe, , [7e385d1f7cffd165c1570fde50b2cb35], 
Exploit.Drop.GS, c:\Users\UpdatusUser\AppData\Local\Temp\syshost.exe, , [4a6cd7a5b5c62c0a9385a7468d7534cc], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\syshost.exe, , [8c2a4b31e398092ddd3beeffa35f8c74], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\syshost.exe, , [00b6621a4239e94d70a8d9148f7322de], 
Exploit.Drop.GS, c:\Windows\Temp\syshost.exe, , [f4c2621a5625dc5a799f7f6e57ab50b0], 
Exploit.Drop.GSLAD, c:\Users\TEMP\AppData\Local\syshost.exe, , [5066eb911b6073c3f1eceeff11f1f010], 
Exploit.Drop.GSLAD, c:\Users\UpdatusUser\AppData\Local\syshost.exe, , [08aeb5c7215a42f405d8e4097092d927], 
Exploit.Drop.GSLAD, c:\Windows\ServiceProfiles\LocalService\AppData\Local\syshost.exe, , [a21492ea1d5e44f20ad3f9f453afde22], 
Exploit.Drop.GSLAD, c:\Windows\ServiceProfiles\NetworkService\AppData\Local\syshost.exe, , [c8eea7d52e4d3ff756872ebf25dd07f9], 
Exploit.Drop.GSLAD, c:\Windows\System32\config\systemprofile\AppData\Local\syshost.exe, , [2e8823590b704beb5885e10cec167c84], 
Exploit.Drop.GS, c:\Users\Default\syshost.exe, , [7a3cf4882853c76f64add01e6e9456aa], 
Exploit.Drop.GS, c:\Users\Krissi\syshost.exe, , [06b0e99327541b1b090839b5d32f1be5], 
Exploit.Drop.GS, c:\Users\Public\syshost.exe, , [5e58b6c64932f83ea968bb333bc79868], 
Exploit.Drop.GS, c:\Users\TEMP\syshost.exe, , [a4129edee695a29440d120ce24de40c0], 
Exploit.Drop.GS, c:\Users\UpdatusUser\syshost.exe, , [f5c1c3b9bdbe072f838eca24877b24dc], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\LocalService\syshost.exe, , [b600423af4873cfa937ec02ed32f46ba], 
Exploit.Drop.GS, c:\Windows\ServiceProfiles\NetworkService\syshost.exe, , [ddd9ec90196239fdec25935bff036997], 
Exploit.Drop.GS, c:\Windows\System32\config\systemprofile\syshost.exe, , [9d192d4f1368d85e58b96886bd45738d], 
Spyware.Agent, c:\Users\Krissi\AppData\Local\Temp\syshost.exe, , [457186f6a9d285b12262a4da47bc4eb2], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Das Löschen der gefundenen Objekte war auf konventionellen Weg nicht möglich.

Wir bitten deshalb freundlichst um eure Hilfe und Unterstützung.

Natürlich haben wir ein paar hübsche Logfiles mit FRST, OTL und GMER angefertigt, die ihr als Anhang erhaltet.

Ich bedanke mich für die Aufmerksamkeit und freue mich auf schon auf eine baldige Anwort.

Mit freundlichen Grüßen
Jugi

schrauber · 26.06.2014, 04:48

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Jugi · 26.06.2014, 18:26

Ok. Tut mir leid, dass ich es als Anhang gemacht habe. Es war spät, ich war müde und hatte beim "Einarbeiten" irgendwas von Anhang gelesen.

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Krissi (administrator) on KRISSI-PC on 25-06-2014 23:59:52
Running from C:\Users\Krissi\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\ieconfig_1und1_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH)
HKLM\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-381946461-3025875304-1193097581-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003\...\MountPoints2: {58c80f0a-4f5c-11de-a804-001377ad17b8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {58c80f0a-4f5c-11de-a804-001377ad17b8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {58c80f0a-4f5c-11de-a804-001377ad17b8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-381946461-3025875304-1193097581-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-381946461-3025875304-1193097581-1007\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-381946461-3025875304-1193097581-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-381946461-3025875304-1193097581-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: c:\progra~2\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll => c:\progra~2\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll File Not Found
Startup: C:\Users\Krissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100722174826.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Search the web (Babylon)
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\bProtect.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\webde-suche.xml
FF Extension: No Name - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\staged [2012-09-08]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-25]
FF Extension: ICQ Toolbar - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-04-14]
FF Extension: ICQ Toolbar - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(131) [2012-01-08]
FF Extension: WEB.DE Toolbar - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\toolbar@web.de.xpi [2011-05-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-09-03]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-03]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-16]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-12-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Krissi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2011-12-12]

========================== Services (Whitelisted) =================

Locked "ada747308081ce1" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-07-10] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [170144 2010-05-31] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [188136 2010-05-31] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [141792 2010-05-31] (McAfee, Inc.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-07-10] (Intel(R) Corporation) [File not signed]
R2 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [1404008 2011-03-29] ()
S2 ffdshow manager; C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [X]

==================== Drivers (Whitelisted) ====================

R1 AFD; C:\Windows\system32\drivers\afd.sys [273408 2011-04-21] () [File not signed]
S3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161888 2006-11-28] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [56376 2008-01-21] () [File not signed]
S4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [71272 2006-11-02] () [File not signed]
U0 ajxt; C:\Windows\System32\drivers\kvegscj.sys [52440 2014-06-25] (Malwarebytes Corporation)
S4 aliide; C:\Windows\system32\drivers\aliide.sys [17464 2008-01-21] () [File not signed]
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [57400 2008-01-21] () [File not signed]
S4 amdide; C:\Windows\system32\drivers\amdide.sys [17976 2008-01-21] () [File not signed]
S4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [41472 2008-01-21] () [File not signed]
S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [44032 2008-01-21] () [File not signed]
S4 arc; C:\Windows\system32\drivers\arc.sys [79416 2008-01-21] () [File not signed]
S4 arcsas; C:\Windows\system32\drivers\arcsas.sys [79928 2008-01-21] () [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2008-01-21] () [File not signed]
R0 atapi; C:\Windows\System32\drivers\atapi.sys [21560 2008-01-21] () [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [1203712 2009-12-17] () [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-15] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-20] () [File not signed]
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] () [File not signed]
S3 bcm4sbxp; C:\Windows\System32\DRIVERS\bcm4sbxp.sys [45056 2006-11-02] () [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2008-01-21] () [File not signed]
S4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45568 2008-01-21] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] () [File not signed]
S4 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] () [File not signed]
S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] () [File not signed]
S4 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] () [File not signed]
S3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] () [File not signed]
S3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [19456 2008-01-21] () [File not signed]
S4 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] () [File not signed]
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [92160 2008-01-21] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [220160 2008-04-29] () [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [29184 2008-04-29] () [File not signed]
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [80424 2008-02-14] () [File not signed]
S3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [80936 2007-07-16] () [File not signed]
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [16168 2007-07-16] () [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2008-01-21] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2009-04-11] () [File not signed]
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [55456 2010-05-31] () [File not signed]
S4 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2008-01-21] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14208 2008-01-21] () [File not signed]
S4 cmdide; C:\Windows\system32\drivers\cmdide.sys [19000 2008-01-21] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [20792 2008-01-21] () [File not signed]
R0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [24632 2008-01-21] () [File not signed]
S4 Crusoe; C:\Windows\system32\drivers\crusoe.sys [40960 2008-01-21] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-04-14] () [File not signed]
R0 disk; C:\Windows\System32\drivers\disk.sys [53736 2009-04-11] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2008-01-21] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [638400 2013-08-01] () [File not signed]
S3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2008-01-21] () [File not signed]
R0 Ecache; C:\Windows\System32\drivers\ecache.sys [141288 2009-04-11] () [File not signed]
S4 elxstor; C:\Windows\system32\drivers\elxstor.sys [342584 2008-01-21] () [File not signed]
S4 ErrDev; C:\Windows\system32\drivers\errdev.sys [6656 2008-01-21] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [136704 2009-04-11] () [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [142848 2009-04-11] () [File not signed]
S4 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2008-01-21] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58936 2008-01-21] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2008-01-21] () [File not signed]
S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2008-01-21] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] () [File not signed]
S3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [39272 2012-03-08] () [File not signed]
U1 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [12800 2012-02-29] () [File not signed]
S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [61496 2008-01-21] () [File not signed]
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [26840 2012-08-21] () [File not signed]
U0 ghpwv; C:\Windows\System32\drivers\bxdbbu.sys [52440 2014-06-25] (Malwarebytes Corporation)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [235520 2006-11-02] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [561152 2009-04-11] () [File not signed]
S4 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] () [File not signed]
S4 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12800 2009-04-11] () [File not signed]
S4 HpCISSs; C:\Windows\system32\drivers\hpcisss.sys [40504 2008-01-21] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [411648 2010-02-20] () [File not signed]
S4 i2omp; C:\Windows\system32\drivers\i2omp.sys [30264 2008-01-21] () [File not signed]
R1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2008-01-21] () [File not signed]
S3 ialm; C:\Windows\System32\DRIVERS\igdkmd32.sys [1380864 2006-10-19] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [319000 2008-07-22] () [File not signed]
S4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [235064 2008-01-21] () [File not signed]
S4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [2098904 2008-04-17] () [File not signed]
S4 intelide; C:\Windows\system32\drivers\intelide.sys [17976 2008-01-21] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [41472 2008-01-21] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47616 2008-01-21] () [File not signed]
S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [64512 2008-01-21] () [File not signed]
S3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [100864 2008-01-21] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2008-01-21] () [File not signed]
S4 isapnp; C:\Windows\system32\drivers\isapnp.sys [49720 2008-01-21] () [File not signed]
R3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [180712 2009-04-11] () [File not signed]
S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] () [File not signed]
S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] () [File not signed]
R1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [35384 2008-01-21] () [File not signed]
S1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [17408 2009-04-11] () [File not signed]
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] () [File not signed]
S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [440704 2012-06-04] () [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-15] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2008-01-21] () [File not signed]
S4 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [96312 2008-01-21] () [File not signed]
S4 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [89656 2008-01-21] () [File not signed]
S4 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [96312 2008-01-21] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [84480 2008-01-21] () [File not signed]
S4 megasas; C:\Windows\system32\drivers\megasas.sys [31288 2008-01-21] () [File not signed]
S4 MegaSR; C:\Windows\system32\drivers\megasr.sys [386616 2008-01-21] () [File not signed]
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [95568 2010-05-31] () [File not signed]
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [152320 2010-05-31] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [51688 2010-05-31] () [File not signed]
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [312616 2010-05-31] () [File not signed]
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385880 2010-05-31] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64304 2010-05-31] () [File not signed]
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [83496 2010-05-31] () [File not signed]
S1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [160720 2010-05-31] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2008-01-21] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2008-01-21] () [File not signed]
R1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [34360 2008-01-21] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2008-01-21] () [File not signed]
R0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [57400 2008-01-21] () [File not signed]
S4 mpio; C:\Windows\system32\drivers\mpio.sys [105016 2008-01-21] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [64000 2008-01-21] () [File not signed]
S4 Mraid35x; C:\Windows\system32\drivers\mraid35x.sys [33384 2006-11-02] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [114688 2009-04-11] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [106496 2011-04-29] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [214016 2011-07-06] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [79872 2011-04-29] () [File not signed]
S4 msahci; C:\Windows\system32\drivers\msahci.sys [28728 2008-01-21] () [File not signed]
S4 msdsm; C:\Windows\system32\drivers\msdsm.sys [94776 2008-01-21] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2008-01-21] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [16440 2008-01-21] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2008-01-21] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2008-01-21] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2008-01-21] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [161752 2009-04-11] () [File not signed]
R3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [31288 2008-01-21] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2008-01-21] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [48104 2009-04-11] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [148480 2009-04-11] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [527848 2009-04-11] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2008-01-21] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2008-01-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [121344 2009-04-11] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [49664 2008-01-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2008-01-21] () [File not signed]
R1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-11] () [File not signed]
S3 NETw3v32; C:\Windows\System32\DRIVERS\NETw3v32.sys [2225664 2008-01-21] () [File not signed]
S4 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [45160 2006-11-02] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-04-11] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2008-01-21] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] () [File not signed]
S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] () [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2008-01-21] () [File not signed]
R3 NVHDA; C:\Windows\System32\drivers\nvhda32v.sys [149352 2013-02-18] () [File not signed]
R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [8904632 2012-12-29] () [File not signed]
S4 nvraid; C:\Windows\system32\drivers\nvraid.sys [102968 2008-01-21] () [File not signed]
S4 nvstor; C:\Windows\system32\drivers\nvstor.sys [45112 2008-01-21] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [109112 2008-01-21] () [File not signed]
S4 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [61952 2008-01-21] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2006-11-02] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [53120 2012-03-21] () [File not signed]
S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2006-11-02] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [149480 2009-04-11] () [File not signed]
S4 pciide; C:\Windows\system32\drivers\pciide.sys [16440 2008-01-21] () [File not signed]
S4 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [179256 2008-01-21] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [62976 2008-01-21] () [File not signed]
S4 Processor; C:\Windows\system32\drivers\processr.sys [40960 2008-01-21] () [File not signed]
R1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [72192 2009-04-11] () [File not signed]
S4 ql2300; C:\Windows\system32\drivers\ql2300.sys [1122360 2008-01-21] () [File not signed]
S4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106088 2006-11-02] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2008-01-21] () [File not signed]
R1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2008-01-21] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [76288 2008-01-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2009-04-11] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [69120 2009-04-11] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [225280 2009-04-11] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2008-01-21] () [File not signed]
S4 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [248832 2008-01-21] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2008-01-21] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [180736 2012-05-01] () [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [50688 2008-02-21] () [File not signed]
R2 RMCAST; C:\Windows\System32\DRIVERS\RMCAST.sys [113664 2009-04-11] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2008-01-21] () [File not signed]
S4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [76392 2006-11-02] () [File not signed]
S4 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [88576 2008-01-21] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2006-11-02] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2006-11-02] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2006-11-02] () [File not signed]
S4 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2008-01-21] () [File not signed]
S4 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2008-01-21] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2008-01-21] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [11776 2008-01-21] () [File not signed]
S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [55864 2008-01-21] () [File not signed]
S4 SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [41016 2008-01-21] () [File not signed]
S4 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [74808 2008-01-21] () [File not signed]
R1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66560 2009-04-11] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [21048 2008-01-21] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [305152 2011-02-18] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [146432 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [102400 2011-04-29] () [File not signed]
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [15288 2008-01-21] () [File not signed]
S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [35944 2006-11-02] () [File not signed]
S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [31848 2006-11-02] () [File not signed]
S4 Sym_u3; C:\Windows\system32\drivers\sym_u3.sys [34920 2006-11-02] () [File not signed]
R3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [193456 2007-10-26] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [915392 2014-04-05] () [File not signed]
S3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [915392 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [31232 2014-04-05] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2008-01-21] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29184 2008-01-21] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [72192 2009-04-11] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [53224 2009-04-11] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [24064 2013-06-15] () [File not signed]
R3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [15360 2008-01-21] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [25088 2010-02-18] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [59448 2008-01-21] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [226816 2009-04-11] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [60984 2008-01-21] () [File not signed]
S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [238648 2008-01-21] () [File not signed]
S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] () [File not signed]
S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2008-01-21] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2008-01-21] () [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2013-06-29] () [File not signed]
S4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [39936 2011-05-05] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [197632 2013-06-29] () [File not signed]
S4 usbohci; C:\Windows\system32\drivers\usbohci.sys [19456 2006-11-02] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [18944 2008-01-21] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [65536 2009-04-11] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [23552 2011-05-05] () [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [134016 2008-01-21] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2008-01-21] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2008-01-21] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [56888 2008-01-21] () [File not signed]
S4 ViaC7; C:\Windows\system32\drivers\viac7.sys [41472 2008-01-21] () [File not signed]
S4 viaide; C:\Windows\system32\drivers\viaide.sys [20024 2008-01-21] () [File not signed]
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-09-03] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [52792 2008-01-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [292840 2009-04-11] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [224640 2012-08-21] () [File not signed]
S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [130616 2008-01-21] () [File not signed]
S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] () [File not signed]
S3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [62464 2008-01-21] () [File not signed]
S4 Wd; C:\Windows\system32\drivers\wd.sys [22072 2008-01-21] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-27] () [File not signed]
S4 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2008-01-21] () [File not signed]
S3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [40448 2009-10-01] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2008-01-21] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () [File not signed]
R3 yukonwlh; C:\Windows\System32\DRIVERS\yk60x86.sys [298496 2007-12-28] () [File not signed]
U5 ada747308081ce1; C:\Windows\System32\Drivers\ada747308081ce1.sys [37248 2014-06-25] () <===== ATTENTION Necurs Rootkit?
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28216 2008-01-21] () [File not signed]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VMC302; System32\Drivers\VMC302.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-25 23:59 - 2014-06-26 00:00 - 00049542 _____ () C:\Users\Krissi\Desktop\FRST.txt
2014-06-25 23:59 - 2014-06-25 23:59 - 00602112 _____ (OldTimer Tools) C:\Users\Krissi\Desktop\OTL.exe
2014-06-25 23:59 - 2014-06-25 23:59 - 00000000 ____D () C:\FRST
2014-06-25 23:57 - 2014-06-25 23:57 - 00380416 _____ () C:\Users\Krissi\Desktop\Gmer-19357.exe
2014-06-25 23:54 - 2014-06-25 23:54 - 01073152 _____ (Farbar) C:\Users\Krissi\Desktop\FRST.exe
2014-06-25 23:39 - 2014-06-25 23:39 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\kvegscj.sys
2014-06-25 23:37 - 2014-06-25 23:37 - 00003261 _____ () C:\Users\Krissi\Desktop\mbam.txt
2014-06-25 23:25 - 2014-06-25 23:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\11CE19DA.sys
2014-06-25 19:43 - 2014-06-25 19:43 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\bxdbbu.sys
2014-06-25 19:33 - 2014-06-25 19:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1F8F04E3.sys
2014-06-25 14:44 - 2014-06-25 14:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\xxqwcfsn.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 94714880 _____ (AVAST Software) C:\Users\Krissi\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-25 14:43 - 2014-06-25 14:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\pysdfqyd.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 ___SH () C:\Users\TEMP\ntuser.ini
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 ____D () C:\Users\TEMP
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-25 14:01 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-25 14:01 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-25 13:39 - 2014-06-25 13:39 - 05155328 _____ () C:\Users\Krissi\Downloads\windowsdefender1593dt.msi
2014-06-25 13:32 - 2014-06-25 13:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7B305B94.sys
2014-06-25 12:52 - 2014-06-25 12:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\10AC4DA0.sys
2014-06-25 12:51 - 2014-06-25 23:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-25 10:57 - 2014-06-25 10:57 - 00037248 _____ () C:\Windows\system32\Drivers\ada747308081ce1.sys
2014-06-20 00:55 - 2014-06-24 20:00 - 00110296 _____ () C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2014-05-12 07:26 - 00051928 _____ () C:\Windows\system32\Drivers\mwac.sys
2014-06-20 00:54 - 2014-05-12 07:25 - 00074456 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-15 21:58 - 2014-06-15 21:58 - 00000000 ____D () C:\Users\Krissi\AppData\Local\Adobe
2014-06-12 15:02 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 15:02 - 2014-04-05 05:23 - 00915392 _____ () C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 15:02 - 2014-04-05 03:49 - 00031232 _____ () C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-12 15:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 15:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 15:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 15:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 15:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 15:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 15:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 15:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 15:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 15:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 15:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 15:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 15:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 15:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 15:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 15:01 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 15:01 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-06-26 00:00 - 2014-06-25 23:59 - 00049542 _____ () C:\Users\Krissi\Desktop\FRST.txt
2014-06-25 23:59 - 2014-06-25 23:59 - 00602112 _____ (OldTimer Tools) C:\Users\Krissi\Desktop\OTL.exe
2014-06-25 23:59 - 2014-06-25 23:59 - 00000000 ____D () C:\FRST
2014-06-25 23:57 - 2014-06-25 23:57 - 00380416 _____ () C:\Users\Krissi\Desktop\Gmer-19357.exe
2014-06-25 23:54 - 2014-06-25 23:54 - 01073152 _____ (Farbar) C:\Users\Krissi\Desktop\FRST.exe
2014-06-25 23:53 - 2006-11-02 14:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 23:53 - 2006-11-02 14:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 23:40 - 2006-11-02 12:33 - 01567416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 23:39 - 2014-06-25 23:39 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\kvegscj.sys
2014-06-25 23:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\nap
2014-06-25 23:37 - 2014-06-25 23:37 - 00003261 _____ () C:\Users\Krissi\Desktop\mbam.txt
2014-06-25 23:33 - 2012-03-30 14:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 23:25 - 2014-06-25 23:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\11CE19DA.sys
2014-06-25 23:24 - 2014-06-25 12:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-25 23:14 - 2010-01-07 17:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 22:04 - 2010-11-14 05:03 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for Krissi.job
2014-06-25 19:43 - 2014-06-25 19:43 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\bxdbbu.sys
2014-06-25 19:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Web
2014-06-25 19:33 - 2014-06-25 19:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1F8F04E3.sys
2014-06-25 14:44 - 2014-06-25 14:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\xxqwcfsn.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 94714880 _____ (AVAST Software) C:\Users\Krissi\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-25 14:43 - 2014-06-25 14:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\pysdfqyd.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Startmenü
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 ___SH () C:\Users\TEMP\ntuser.ini
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 ____D () C:\Users\TEMP
2014-06-25 14:01 - 2014-06-25 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-25 13:58 - 2012-10-21 23:59 - 00379506 _____ () C:\Windows\PFRO.log
2014-06-25 13:58 - 2010-01-07 17:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 13:58 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 13:57 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help
2014-06-25 13:39 - 2014-06-25 13:39 - 05155328 _____ () C:\Users\Krissi\Downloads\windowsdefender1593dt.msi
2014-06-25 13:32 - 2014-06-25 13:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7B305B94.sys
2014-06-25 13:29 - 2014-03-23 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-25 13:29 - 2014-03-23 15:24 - 00000000 ____D () C:\ProgramData\Avira
2014-06-25 13:29 - 2014-03-23 15:24 - 00000000 ____D () C:\Program Files\Avira
2014-06-25 13:29 - 2008-10-20 03:00 - 01060697 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 13:15 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-06-25 12:52 - 2014-06-25 12:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\10AC4DA0.sys
2014-06-25 10:57 - 2014-06-25 10:57 - 00037248 _____ () C:\Windows\system32\Drivers\ada747308081ce1.sys
2014-06-24 20:00 - 2014-06-20 00:55 - 00110296 _____ () C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 23:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\MSAgent
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2012-10-20 18:57 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-20 00:54 - 2012-10-20 18:57 - 00000000 ____D () C:\Users\Krissi\AppData\Roaming\Malwarebytes
2014-06-20 00:54 - 2012-10-20 18:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 00:54 - 2012-10-20 18:57 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-15 21:58 - 2014-06-15 21:58 - 00000000 ____D () C:\Users\Krissi\AppData\Local\Adobe
2014-06-13 12:41 - 2012-03-30 14:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 12:41 - 2011-05-18 18:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 03:25 - 2008-10-10 04:51 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-13 03:25 - 2006-11-02 15:01 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-13 03:06 - 2013-07-12 01:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 03:03 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-28 18:48 - 2014-06-12 15:01 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 18:39 - 2014-06-12 15:01 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 18:38 - 2014-06-12 15:01 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 18:33 - 2014-06-12 15:01 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 18:32 - 2014-06-12 15:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 18:32 - 2014-06-12 15:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 18:31 - 2014-06-12 15:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 18:31 - 2014-06-12 15:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 18:30 - 2014-06-12 15:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 18:30 - 2014-06-12 15:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 18:30 - 2014-06-12 15:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 18:30 - 2014-06-12 15:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 18:30 - 2014-06-12 15:01 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 18:30 - 2014-06-12 15:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 18:30 - 2014-06-12 15:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 18:29 - 2014-06-12 15:01 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 18:29 - 2014-06-12 15:01 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 18:29 - 2014-06-12 15:01 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 18:29 - 2014-06-12 15:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 18:29 - 2014-06-12 15:01 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 18:28 - 2014-06-12 15:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

Some content of TEMP:
====================
C:\Users\Krissi\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2012-12-13 13:41] - [2012-08-21 13:47] - 0224640 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



LastRegBack: 2014-06-25 14:04

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by Krissi at 2014-06-26 00:00:29
Running from C:\Users\Krissi\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.0.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - Samsung)
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Ihr Firmenname)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Ihr Firmenname) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.3 - )
FaceFilter Studio 2 (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 2.0 - Reallusion)
Fallout 3 (HKLM\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
GIMP 2.6.10 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gothic 2 Gold (HKLM\...\{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}) (Version: 1.0.0 - JoWood)
Gothic_Patch (HKLM\...\{302AC480-43D2-11D5-A818-00500435FC18}) (Version:  - )
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
imagine digital freedom - Samsung (HKLM\...\{8E106A57-A17E-431D-B48F-175E42EB9F74}) (Version: 1.0.2.2 - Samsung Electronics Co. Ltd.,)
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}) (Version: 12.00.4000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InternetExplorer-WEB.DE-Addon (Version: 1.0 - WEB.DE) Hidden
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Macaosolitaire 1.0 (HKLM\...\Macaosolitaire_1.0) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{5A9AA2C0-972F-4239-AA41-E409434194D5}) (Version: 3.1.8.0 - Apple Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
Namuga 1.3M Webcam (HKLM\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Grafiktreiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
One Click Wipe 2 (HKLM\...\Stepok's One Click Wipe und Recomposit_is1) (Version:  - Stepok Image Lab.)
OpenOffice.org 3.0 (HKLM\...\{04B45310-A5FE-4425-BFCA-1A6D8920DE74}) (Version: 3.0.9358 - OpenOffice.org)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
Paperport Removal Tool (HKLM\...\Paperport Removal Tool_is1) (Version: 1.0 - Security Stronghold)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Ihr Firmenname)
Play AVStation (Version: 4.1.20.50 - Ihr Firmenname) Hidden
Play Camera (HKLM\...\InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}) (Version: 2.0.0.13 - Ihr Firmenname)
Play Camera (Version: 2.0.0.13 - Ihr Firmenname) Hidden
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RarZilla Free Unrar 2.53 (HKLM\...\RarZilla Free Unrar 2.53) (Version: 2.53 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Risen (HKLM\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Converter (HKLM\...\{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}) (Version: 1.0.50 - Samsung)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.0 - Samsung Electronics Co., LTD)
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.43 - Samsung)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
Samsung USB Driver (HKLM\...\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}) (Version: 1.0 - Samsung Techwin)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
SereneScreen Marine Aquarium 2 (HKLM\...\SereneScreen Marine Aquarium 2) (Version:  - )
SimpleOCR 3.1 (HKLM\...\SimpleOCR 3.1) (Version:  - )
Speedpasch 1.0 (HKLM\...\Speedpasch_1.0) (Version:  - )
Speedpyramid 1.0 (HKLM\...\Speedpyramid_1.0) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zoo Tycoon: Complete Collection (HKLM\...\Zoo Tycoon 1.0) (Version:  - )

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {061B83B5-6850-4006-8A61-80E774AF26D6} - System32\Tasks\Norton Security Scan for Krissi => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2B6EF32C-4D1D-4DB8-9D60-A1FE457938BB} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-10-08] (Samsung Electronics Co., Ltd.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E717E7C-B1B2-42ED-B7EA-BCC228577D45} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5AF78F3B-6404-4700-BED2-B93A43F85071} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-10-06] (SAMSUNG Electronics)
Task: {5C1924CA-ED34-4ACB-8F57-04544FF5AAA5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {611DD93B-2F4D-4275-8E81-AB298AB9B884} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {6137BEC9-68FC-48ED-A8BC-E95EEF91F85C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-13] (Adobe Systems Incorporated)
Task: {6FE99385-471F-4B8E-A4FD-39013278E595} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {75D9D3AF-B541-4362-ADEB-02AFBF15B06B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)
Task: {81FBC23B-44E6-4A96-BA3F-E4193F9FDA77} - \DealPly No Task File <==== ATTENTION
Task: {87D25D3F-A557-42E7-9C83-877A4895894B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)
Task: {A15DD6FF-2BA7-4CDF-B0BE-E9ED7E717745} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-07] (Google Inc.)
Task: {ABB867E8-6CDE-4051-BA1F-B3BF1B1F55BE} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2008-08-26] (Samsung Electronics Co., Ltd.)
Task: {B21563E7-8EA3-47F4-9734-FCEFD88300D5} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-08-07] (SAMSUNG Electronics co., LTD.)
Task: {B51B6664-576E-4524-B3FD-00DF1B6180FC} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {DA55C81E-A5D5-4B81-AEA0-390698DEB40F} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F611F40E-809E-4F1F-87C2-FB8779F288BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {FF7B28FF-4186-40BB-BED3-69EE795B22C7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Krissi => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Krissi.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

==================== Loaded Modules (whitelisted) =============

2013-04-11 15:13 - 2013-03-09 05:45 - 00049152 _____ () C:\Windows\system32\CSRSRV.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-16 12:51 - 2011-03-29 17:41 - 01404008 _____ () C:\Windows\System32\ieconfig_1und1_svc.exe
2008-10-09 13:17 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll
2008-10-09 13:17 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2008-10-09 13:18 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2007-07-12 06:55 - 2007-07-12 06:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 06:59 - 2007-08-14 06:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 06:55 - 2007-07-12 06:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-07-29 15:55 - 2008-07-29 15:55 - 00969728 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-6zu4-Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: USB Human Interface Device
Description: USB Human Interface Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: KME Inc.
Service: HidUsb
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)". hr = 0x80070005.


Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/25/2014 05:19:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4196

Error: (06/25/2014 05:19:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4196

Error: (06/25/2014 05:19:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2014 05:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198

Error: (06/25/2014 05:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3198

Error: (06/25/2014 05:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/25/2014 02:44:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: xxqwcfsn%%31

Error: (06/25/2014 02:43:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: pysdfqyd%%31

Error: (06/25/2014 02:02:14 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/25/2014 02:01:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Network AgentMcAfee Firewall Core Service%%1068

Error: (06/25/2014 02:01:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Firewall Core ServiceMcAfee Validation Trust Protection Service%%1068

Error: (06/25/2014 02:01:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Validation Trust Protection ServiceMcAfee Inc. mfehidk%%31

Error: (06/25/2014 02:01:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: McAfee Inc. mfehidk%%31

Error: (06/25/2014 01:59:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfehidk
mfewfpk
ssmdrv

Error: (06/25/2014 01:59:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Proxy ServiceMcAfee Firewall Core Service%%1068

Error: (06/25/2014 01:59:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: McAfee Firewall Core ServiceMcAfee Validation Trust Protection Service%%1068


Microsoft Office Sessions:
=========================
Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)0x80070005

Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)0x80070005

Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)0x80070005

Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/26/2014 00:00:30 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{50137ca1-9e41-11dd-83c5-806e6f6e6963},0x80000000,0x00000003,...)0x80070005

Vorgang:
   Automatisch freigegebene Schattenkopien werden entfernt
   Anbieter wird geladen

Kontext:
   Ausführungskontext: System Provider

Error: (06/25/2014 05:19:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4196

Error: (06/25/2014 05:19:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4196

Error: (06/25/2014 05:19:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2014 05:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198

Error: (06/25/2014 05:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3198

Error: (06/25/2014 05:19:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2014-06-24 20:07:41.630
  Description: N/A

  Date: 2014-06-24 20:07:41.002
  Description: N/A

  Date: 2014-06-24 20:07:40.387
  Description: N/A

  Date: 2014-06-24 20:07:39.789
  Description: N/A

  Date: 2014-06-24 20:07:38.654
  Description: N/A

  Date: 2014-06-24 20:07:37.972
  Description: N/A

  Date: 2014-06-24 20:07:37.388
  Description: N/A

  Date: 2014-06-24 20:07:36.772
  Description: N/A

  Date: 2014-06-21 23:40:26.625
  Description: N/A

  Date: 2014-06-21 23:40:25.868
  Description: N/A


==================== Memory info =========================== 

Percentage of memory in use: 55%
Total physical RAM: 3065.88 MB
Available physical RAM: 1350.77 MB
Total Pagefile: 6364.15 MB
Available Pagefile: 4411.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.09 GB) (Free:50.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:131.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B079B6F4)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-26 00:36:07
Windows 6.0.6002 Service Pack 2 
Running: Gmer-19357.exe


---- Services - GMER 2.1 ----

Service  System32\Drivers\ada747308081ce1.sys (*** hidden *** )               [BOOT] ada747308081ce1                             <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@ImagePath     \SystemRoot\System32\Drivers\ada747308081ce1.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@Group         Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@ErrorControl  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@Type          1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@Start         0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@Tag           1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1@DisplayName   syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ada747308081ce1               
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@ImagePath         \SystemRoot\System32\Drivers\ada747308081ce1.sys
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@Group             Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@ErrorControl      0
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@Type              1
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@Start             0
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@Tag               1
Reg      HKLM\SYSTEM\ControlSet003\Services\ada747308081ce1@DisplayName       syshost.exe

---- EOF - GMER 2.1 ----

Jugi · 26.06.2014, 18:28

OTL

Code:

ATTFilter

OTL logfile created on: 26.06.2014 00:06:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Krissi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 45,17% Memory free
6,21 Gb Paging File | 4,51 Gb Available in Paging File | 72,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 50,15 Gb Free Space | 34,81% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 131,52 Gb Free Space | 91,33% Space Free | Partition Type: NTFS
 
Computer Name: KRISSI-PC | User Name: Krissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Krissi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\ieconfig_1und1_svc.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ffdshow manager) -- C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe File not found
SRV - (ada747308081ce1) -- C:\Windows\System32\drivers\ada747308081ce1.sys ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VMC302) -- System32\Drivers\VMC302.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (ajxt) -- C:\Windows\System32\drivers\kvegscj.sys (Malwarebytes Corporation)
DRV - (ghpwv) -- C:\Windows\System32\drivers\bxdbbu.sys (Malwarebytes Corporation)
DRV - (ada747308081ce1) -- C:\Windows\System32\drivers\ada747308081ce1.sys ()
DRV - (avipbb) -- C:\Windows\System32\DRIVERS\avipbb.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (Tcpip6) -- C:\Windows\System32\DRIVERS\tcpip.sys ()
DRV - (Tcpip) -- C:\Windows\System32\drivers\tcpip.sys ()
DRV - (tcpipreg) -- C:\Windows\System32\drivers\tcpipreg.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\DRIVERS\avkmgr.sys ()
DRV - (DXGKrnl) -- C:\Windows\System32\drivers\dxgkrnl.sys ()
DRV - (usbscan) -- C:\Windows\System32\DRIVERS\usbscan.sys ()
DRV - (usbhub) -- C:\Windows\System32\DRIVERS\usbhub.sys ()
DRV - (usbccgp) -- C:\Windows\System32\DRIVERS\usbccgp.sys ()
DRV - (Wdf01000) -- C:\Windows\System32\drivers\Wdf01000.sys ()
DRV - (tssecsrv) -- C:\Windows\System32\DRIVERS\tssecsrv.sys ()
DRV - (Ntfs) -- C:\Windows\System32\drivers\ntfs.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys ()
DRV - (volsnap) -- C:\Windows\System32\drivers\volsnap.sys ()
DRV - (WudfPf) -- C:\Windows\System32\drivers\WudfPf.sys ()
DRV - (WUDFRd) -- C:\Windows\System32\DRIVERS\WUDFRd.sys ()
DRV - (KSecDD) -- C:\Windows\System32\Drivers\ksecdd.sys ()
DRV - (RDPWD) -- C:\Windows\System32\drivers\rdpwd.sys ()
DRV - (partmgr) -- C:\Windows\System32\drivers\partmgr.sys ()
DRV - (fssfltr) -- C:\Windows\System32\DRIVERS\fssfltr.sys ()
DRV - (Fs_Rec) -- C:\Windows\System32\drivers\fs_rec.sys ()
DRV - (mrxsmb10) -- C:\Windows\System32\DRIVERS\mrxsmb10.sys ()
DRV - (atksgt) -- C:\Windows\System32\DRIVERS\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\DRIVERS\lirsgt.sys ()
DRV - (usbehci) -- C:\Windows\System32\DRIVERS\usbehci.sys ()
DRV - (usbuhci) -- C:\Windows\System32\DRIVERS\usbuhci.sys ()
DRV - (srv2) -- C:\Windows\System32\DRIVERS\srv2.sys ()
DRV - (srvnet) -- C:\Windows\System32\DRIVERS\srvnet.sys ()
DRV - (mrxsmb20) -- C:\Windows\System32\DRIVERS\mrxsmb20.sys ()
DRV - (mrxsmb) -- C:\Windows\System32\DRIVERS\mrxsmb.sys ()
DRV - (AFD) -- C:\Windows\System32\drivers\afd.sys ()
DRV - (DfsC) -- C:\Windows\System32\Drivers\dfsc.sys ()
DRV - (bowser) -- C:\Windows\System32\DRIVERS\bowser.sys ()
DRV - (srv) -- C:\Windows\System32\DRIVERS\srv.sys ()
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys ()
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys ()
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys ()
DRV - (mfenlfk) -- C:\Windows\System32\DRIVERS\mfenlfk.sys ()
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys ()
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys ()
DRV - (HTTP) -- C:\Windows\System32\drivers\HTTP.sys ()
DRV - (tunnel) -- C:\Windows\System32\DRIVERS\tunnel.sys ()
DRV - (athr) -- C:\Windows\System32\DRIVERS\athr.sys ()
DRV - (WpdUsb) -- C:\Windows\System32\DRIVERS\wpdusb.sys ()
DRV - (volmgrx) -- C:\Windows\System32\drivers\volmgrx.sys ()
DRV - (pci) -- C:\Windows\System32\drivers\pci.sys ()
DRV - (TermDD) -- C:\Windows\System32\DRIVERS\termdd.sys ()
DRV - (NDIS) -- C:\Windows\System32\drivers\ndis.sys ()
DRV - (ACPI) -- C:\Windows\System32\drivers\acpi.sys ()
DRV - (CLFS) -- C:\Windows\System32\CLFS.sys ()
DRV - (FltMgr) -- C:\Windows\System32\drivers\fltmgr.sys ()
DRV - (iScsiPrt) -- C:\Windows\System32\DRIVERS\msiscsi.sys ()
DRV - (MsRPC) -- C:\Windows\System32\drivers\msrpc.sys ()
DRV - (Ecache) -- C:\Windows\System32\drivers\ecache.sys ()
DRV - (disk) -- C:\Windows\System32\drivers\disk.sys ()
DRV - (Mup) -- C:\Windows\System32\Drivers\mup.sys ()
DRV - (RasSstp) -- C:\Windows\System32\DRIVERS\rassstp.sys ()
DRV - (NdisWan) -- C:\Windows\System32\DRIVERS\ndiswan.sys ()
DRV - (RasPppoe) -- C:\Windows\System32\DRIVERS\raspppoe.sys ()
DRV - (tdx) -- C:\Windows\System32\DRIVERS\tdx.sys ()
DRV - (PSched) -- C:\Windows\System32\DRIVERS\pacer.sys ()
DRV - (netbt) -- C:\Windows\System32\DRIVERS\netbt.sys ()
DRV - (RMCAST) -- C:\Windows\System32\DRIVERS\RMCAST.sys ()
DRV - (Smb) -- C:\Windows\System32\DRIVERS\smb.sys ()
DRV - (NativeWifiP) -- C:\Windows\System32\DRIVERS\nwifi.sys ()
DRV - (USBSTOR) -- C:\Windows\System32\DRIVERS\USBSTOR.SYS ()
DRV - (HidUsb) -- C:\Windows\System32\DRIVERS\hidusb.sys ()
DRV - (cdrom) -- C:\Windows\System32\DRIVERS\cdrom.sys ()
DRV - (kbdhid) -- C:\Windows\System32\DRIVERS\kbdhid.sys ()
DRV - (MRxDAV) -- C:\Windows\System32\drivers\mrxdav.sys ()
DRV - (rdbss) -- C:\Windows\System32\DRIVERS\rdbss.sys ()
DRV - (Npfs) -- C:\Windows\System32\drivers\npfs.sys ()
DRV - (udfs) -- C:\Windows\System32\DRIVERS\udfs.sys ()
DRV - (exfat) -- C:\Windows\System32\drivers\exfat.sys ()
DRV - (fastfat) -- C:\Windows\System32\drivers\fastfat.sys ()
DRV - (KMWDFILTER) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys ()
DRV - (VMC326) -- C:\Windows\System32\Drivers\VMC326.sys ()
DRV - (BTHPORT) -- C:\Windows\System32\Drivers\BTHport.sys ()
DRV - (BTHUSB) -- C:\Windows\System32\Drivers\BTHUSB.sys ()
DRV - (RFCOMM) -- C:\Windows\System32\DRIVERS\rfcomm.sys ()
DRV - (Modem) -- C:\Windows\System32\drivers\modem.sys ()
DRV - (Rasl2tp) -- C:\Windows\System32\DRIVERS\rasl2tp.sys ()
DRV - (PptpMiniport) -- C:\Windows\System32\DRIVERS\raspptp.sys ()
DRV - (Ndisuio) -- C:\Windows\System32\DRIVERS\ndisuio.sys ()
DRV - (MSTEE) -- C:\Windows\System32\drivers\MSTEE.sys ()
DRV - (MSPCLOCK) -- C:\Windows\System32\drivers\MSPCLOCK.sys ()
DRV - (MSPQM) -- C:\Windows\System32\drivers\MSPQM.sys ()
DRV - (VgaSave) -- C:\Windows\System32\drivers\vga.sys ()
DRV - (MSKSSRV) -- C:\Windows\System32\drivers\MSKSSRV.sys ()
DRV - (RDPENCDD) -- C:\Windows\System32\drivers\rdpencdd.sys ()
DRV - (mpsdrv) -- C:\Windows\System32\drivers\mpsdrv.sys ()
DRV - (nsiproxy) -- C:\Windows\System32\drivers\nsiproxy.sys ()
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys ()
DRV - (IpFilterDriver) -- C:\Windows\System32\DRIVERS\ipfltdrv.sys ()
DRV - (luafv) -- C:\Windows\System32\drivers\luafv.sys ()
DRV - (rspndr) -- C:\Windows\System32\DRIVERS\rspndr.sys ()
DRV - (lltdio) -- C:\Windows\System32\DRIVERS\lltdio.sys ()
DRV - (IPNAT) -- C:\Windows\System32\DRIVERS\ipnat.sys ()
DRV - (Wanarpv6) -- C:\Windows\System32\DRIVERS\wanarp.sys ()
DRV - (Wanarp) -- C:\Windows\System32\DRIVERS\wanarp.sys ()
DRV - (NDProxy) -- C:\Windows\System32\drivers\ndproxy.sys ()
DRV - (NdisTapi) -- C:\Windows\System32\DRIVERS\ndistapi.sys ()
DRV - (tunmp) -- C:\Windows\System32\DRIVERS\tunmp.sys ()
DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys ()
DRV - (NetBIOS) -- C:\Windows\System32\DRIVERS\netbios.sys ()
DRV - (RasAcd) -- C:\Windows\System32\DRIVERS\rasacd.sys ()
DRV - (spldr) -- C:\Windows\System32\drivers\spldr.sys ()
DRV - (TDTCP) -- C:\Windows\System32\drivers\tdtcp.sys ()
DRV - (TDPIPE) -- C:\Windows\System32\drivers\tdpipe.sys ()
DRV - (RDPCDD) -- C:\Windows\System32\DRIVERS\RDPCDD.sys ()
DRV - (FileInfo) -- C:\Windows\System32\drivers\fileinfo.sys ()
DRV - (AsyncMac) -- C:\Windows\System32\DRIVERS\asyncmac.sys ()
DRV - (IRENUM) -- C:\Windows\System32\drivers\irenum.sys ()
DRV - (cdfs) -- C:\Windows\System32\DRIVERS\cdfs.sys ()
DRV - (Msfs) -- C:\Windows\System32\drivers\msfs.sys ()
DRV - (Null) -- C:\Windows\System32\drivers\null.sys ()
DRV - (Beep) -- C:\Windows\System32\drivers\beep.sys ()
DRV - (MountMgr) -- C:\Windows\System32\drivers\mountmgr.sys ()
DRV - (QWAVEdrv) -- C:\Windows\System32\drivers\qwavedrv.sys ()
DRV - (usbvideo) -- C:\Windows\System32\Drivers\usbvideo.sys ()
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys ()
DRV - (CmBatt) -- C:\Windows\System32\DRIVERS\CmBatt.sys ()
DRV - (BthEnum) -- C:\Windows\System32\DRIVERS\BthEnum.sys ()
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys ()
DRV - (kbdclass) -- C:\Windows\System32\DRIVERS\kbdclass.sys ()
DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys ()
DRV - (sffp_mmc) -- C:\Windows\System32\drivers\sffp_mmc.sys ()
DRV - (sffp_sd) -- C:\Windows\System32\drivers\sffp_sd.sys ()
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\ipmidrv.sys ()
DRV - (gagp30kx) -- C:\Windows\System32\drivers\gagp30kx.sys ()
DRV - (uagp35) -- C:\Windows\System32\drivers\uagp35.sys ()
DRV - (monitor) -- C:\Windows\System32\DRIVERS\monitor.sys ()
DRV - (umbus) -- C:\Windows\System32\DRIVERS\umbus.sys ()
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys ()
DRV - (usbprint) -- C:\Windows\System32\DRIVERS\usbprint.sys ()
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys ()
DRV - (sdbus) -- C:\Windows\System32\DRIVERS\sdbus.sys ()
DRV - (ohci1394) -- C:\Windows\System32\DRIVERS\ohci1394.sys ()
DRV - (drmkaud) -- C:\Windows\System32\drivers\drmkaud.sys ()
DRV - (NETw3v32) -- C:\Windows\System32\DRIVERS\NETw3v32.sys ()
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys ()
DRV - (BthPan) -- C:\Windows\System32\DRIVERS\bthpan.sys ()
DRV - (i8042prt) -- C:\Windows\System32\DRIVERS\i8042prt.sys ()
DRV - (mouclass) -- C:\Windows\System32\DRIVERS\mouclass.sys ()
DRV - (fdc) -- C:\Windows\System32\DRIVERS\fdc.sys ()
DRV - (flpydisk) -- C:\Windows\System32\DRIVERS\flpydisk.sys ()
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys ()
DRV - (mouhid) -- C:\Windows\System32\DRIVERS\mouhid.sys ()
DRV - (pcmcia) -- C:\Windows\System32\DRIVERS\pcmcia.sys ()
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys ()
DRV - (vga) -- C:\Windows\System32\DRIVERS\vgapnp.sys ()
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys ()
DRV - (nv_agp) -- C:\Windows\System32\drivers\nv_agp.sys ()
DRV - (uliagpkx) -- C:\Windows\System32\drivers\uliagpkx.sys ()
DRV - (viaagp) -- C:\Windows\System32\drivers\viaagp.sys ()
DRV - (agp440) -- C:\Windows\System32\drivers\agp440.sys ()
DRV - (volmgr) -- C:\Windows\System32\drivers\volmgr.sys ()
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys ()
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys ()
DRV - (mssmbios) -- C:\Windows\System32\DRIVERS\mssmbios.sys ()
DRV - (msisadrv) -- C:\Windows\System32\drivers\msisadrv.sys ()
DRV - (swenum) -- C:\Windows\System32\DRIVERS\swenum.sys ()
DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys ()
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys ()
DRV - (intelppm) -- C:\Windows\System32\DRIVERS\intelppm.sys ()
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys ()
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys ()
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys ()
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys ()
DRV - (atapi) -- C:\Windows\System32\drivers\atapi.sys ()
DRV - (Compbatt) -- C:\Windows\System32\DRIVERS\compbatt.sys ()
DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys ()
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys ()
DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys ()
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys ()
DRV - (ErrDev) -- C:\Windows\System32\drivers\errdev.sys ()
DRV - (KMDFMEMIO) -- C:\Windows\System32\DRIVERS\kmdfmemio.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\DRIVERS\AGRSM.sys ()
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys ()
DRV - (PEAUTH) -- C:\Windows\System32\drivers\peauth.sys ()
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys ()
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys ()
DRV - (usbcir) -- C:\Windows\System32\drivers\usbcir.sys ()
DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys ()
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys ()
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys ()
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys ()
DRV - (Parport) -- C:\Windows\System32\drivers\parport.sys ()
DRV - (Serenum) -- C:\Windows\System32\drivers\serenum.sys ()
DRV - (Parvdm) -- C:\Windows\System32\drivers\parvdm.sys ()
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\HdAudio.sys ()
DRV - (bcm4sbxp) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie [binary data]
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie [binary data]
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114435&tl=esgn10325&tt=040912_ccp_3612_4&babsrc=SP_ss&mntrId=d815f138000000000000002163884f46
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{4FC48B4A-3F22-4C53-A19E-3CDC622C3D8F}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{547F46FC-7017-48CF-B542-9D9485EDF3AD}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{56FD3787-0C7F-429A-A098-E253993BC8B7}: "URL" = hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.ebaysuche&s_brand=webde&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-5/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{8879210E-B412-4955-A6BE-0A6692831E54}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{93EBA672-1622-4B69-8C07-5760A86A27D1}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{F2493A77-72D7-4EBE-8AD0-AE5CF044CF2B}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{F84343E9-4DF1-4E54-B429-79B2CC201472}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie [binary data]
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:1.5.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.13 21:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2009.06.15 11:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\mozilla\Extensions
[2014.06.20 12:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\mozilla\Firefox\Profiles\556kefvr.default\extensions
[2010.07.25 22:26:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Krissi\AppData\Roaming\mozilla\Firefox\Profiles\556kefvr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.14 14:53:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Krissi\AppData\Roaming\mozilla\Firefox\Profiles\556kefvr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.08 22:32:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Krissi\AppData\Roaming\mozilla\Firefox\Profiles\556kefvr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(131)
[2012.09.08 02:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krissi\AppData\Roaming\mozilla\Firefox\Profiles\556kefvr.default\extensions\staged
[2011.12.24 19:24:32 | 000,571,345 | ---- | M] () (No name found) -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\extensions\toolbar@web.de.xpi
[2012.09.08 02:22:42 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\extensions\staged\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.11.04 02:38:56 | 000,000,933 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\11-suche.xml
[2012.09.08 03:06:09 | 000,002,268 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\BabylonMngr.xml
[2009.12.01 17:12:22 | 000,002,204 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\bProtect.xml
[2011.11.04 02:38:56 | 000,002,419 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\englische-ergebnisse.xml
[2011.11.04 02:38:56 | 000,010,525 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\gmx-suche.xml
[2012.01.15 10:21:41 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-1.xml
[2011.03.05 19:57:11 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-10.xml
[2011.03.24 18:49:31 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-11.xml
[2011.05.01 16:26:42 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-12.xml
[2011.05.11 18:45:58 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-13.xml
[2011.05.11 22:42:26 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-14.xml
[2011.07.07 23:34:45 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-15.xml
[2011.08.19 13:07:12 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-16.xml
[2011.09.04 18:41:26 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-17.xml
[2011.09.09 14:00:04 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-18.xml
[2011.09.30 21:09:47 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-19.xml
[2010.07.24 11:14:50 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-2.xml
[2011.10.04 13:52:49 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-20.xml
[2011.10.17 12:27:27 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-21.xml
[2011.11.11 03:06:11 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-22.xml
[2010.07.24 11:17:22 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-3.xml
[2010.09.09 13:16:26 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-4.xml
[2010.09.17 03:56:31 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-5.xml
[2010.10.21 02:29:11 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-6.xml
[2010.11.13 06:11:40 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-7.xml
[2010.12.11 14:47:36 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-8.xml
[2011.03.02 15:00:21 | 000,000,950 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin-9.xml
[2011.09.25 14:49:54 | 000,000,618 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\icqplugin.src
[2011.11.04 02:38:56 | 000,002,457 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\lastminute.xml
[2011.05.11 22:42:28 | 000,005,508 | ---- | M] () -- C:\Users\Krissi\AppData\Roaming\mozilla\firefox\profiles\556kefvr.default\searchplugins\webde-suche.xml
[2014.02.28 23:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.23 05:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012.01.23 05:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.01.23 05:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.01.23 05:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012.01.23 05:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\KRISSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\556KEFVR.DEFAULT\EXTENSIONS\ADDON@DEALPLYSHOPPING.COM
[2010.05.31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\divx\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100722174826.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-381946461-3025875304-1193097581-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-381946461-3025875304-1193097581-1007..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-381946461-3025875304-1193097581-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-381946461-3025875304-1193097581-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Krissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-381946461-3025875304-1193097581-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37FBAEDD-AAAA-4F86-8391-1917F8367B32}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Users\Krissi\Pictures\Unser kleines Wunder\Familien-Shooting 02.08.13 + Ende November '13\IMG_20131215_0003 - Kopie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Krissi\Pictures\Unser kleines Wunder\Familien-Shooting 02.08.13 + Ende November '13\IMG_20131215_0003 - Kopie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58c80f0a-4f5c-11de-a804-001377ad17b8}\Shell - "" = AutoRun
O33 - MountPoints2\{58c80f0a-4f5c-11de-a804-001377ad17b8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.25 23:59:45 | 000,000,000 | ---D | C] -- C:\FRST
[2014.06.25 23:59:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Krissi\Desktop\OTL.exe
[2014.06.25 23:54:35 | 001,073,152 | ---- | C] (Farbar) -- C:\Users\Krissi\Desktop\FRST.exe
[2014.06.25 23:39:14 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\kvegscj.sys
[2014.06.25 23:25:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\11CE19DA.sys
[2014.06.25 19:43:27 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\bxdbbu.sys
[2014.06.25 19:33:09 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\1F8F04E3.sys
[2014.06.25 14:44:42 | 000,411,552 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\xxqwcfsn.sys
[2014.06.25 14:43:54 | 000,411,552 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\pysdfqyd.sys
[2014.06.25 14:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014.06.25 14:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014.06.25 13:32:04 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\7B305B94.sys
[2014.06.25 12:52:34 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\10AC4DA0.sys
[2014.06.25 12:51:59 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\48230029.sys
[2014.06.20 00:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.06.20 00:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.06.15 21:58:09 | 000,000,000 | ---D | C] -- C:\Users\Krissi\AppData\Local\Adobe
[2014.06.12 15:01:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.06.12 15:01:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.06.12 15:01:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.06.12 15:01:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.06.12 15:01:54 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.06.12 15:01:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.06.12 15:01:52 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.06.12 15:01:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.06.12 15:01:52 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.06.12 15:01:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.06.12 15:01:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.06.12 15:01:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.25 23:59:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krissi\Desktop\OTL.exe
[2014.06.25 23:57:08 | 000,380,416 | ---- | M] () -- C:\Users\Krissi\Desktop\Gmer-19357.exe
[2014.06.25 23:54:36 | 001,073,152 | ---- | M] (Farbar) -- C:\Users\Krissi\Desktop\FRST.exe
[2014.06.25 23:53:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.25 23:53:33 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.25 23:40:39 | 000,674,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2014.06.25 23:40:39 | 000,634,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.06.25 23:40:39 | 000,146,238 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2014.06.25 23:40:39 | 000,120,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.06.25 23:39:14 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\kvegscj.sys
[2014.06.25 23:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.25 23:25:28 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\11CE19DA.sys
[2014.06.25 23:24:43 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\48230029.sys
[2014.06.25 23:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.25 22:04:16 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Krissi.job
[2014.06.25 19:43:27 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\bxdbbu.sys
[2014.06.25 19:33:09 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\1F8F04E3.sys
[2014.06.25 19:03:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.25 14:44:42 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\xxqwcfsn.sys
[2014.06.25 14:43:54 | 000,411,552 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\pysdfqyd.sys
[2014.06.25 13:58:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.25 13:58:03 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.25 13:32:04 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\7B305B94.sys
[2014.06.25 12:52:34 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\10AC4DA0.sys
[2014.06.25 10:57:52 | 000,037,248 | ---- | M] () -- C:\Windows\System32\drivers\ada747308081ce1.sys
[2014.06.24 20:00:02 | 000,110,296 | ---- | M] () -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.06.20 00:54:48 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.13 12:41:13 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.06.13 12:41:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.06.13 03:25:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014.05.28 18:39:36 | 001,810,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.05.28 18:32:25 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.05.28 18:31:33 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.05.28 18:31:17 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.05.28 18:30:53 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.05.28 18:30:25 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.05.28 18:30:08 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.05.28 18:30:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.05.28 18:29:58 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.05.28 18:29:49 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.05.28 18:29:31 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.05.28 18:28:35 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.06.25 23:57:08 | 000,380,416 | ---- | C] () -- C:\Users\Krissi\Desktop\Gmer-19357.exe
[2014.06.25 10:57:52 | 000,037,248 | ---- | C] () -- C:\Windows\System32\drivers\ada747308081ce1.sys
[2014.06.20 00:55:21 | 000,110,296 | ---- | C] () -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.06.20 00:54:37 | 000,074,456 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.06.20 00:54:37 | 000,051,928 | ---- | C] () -- C:\Windows\System32\drivers\mwac.sys
[2014.06.12 15:02:00 | 000,915,392 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys
[2014.06.12 15:02:00 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys
[2014.04.25 19:46:48 | 008,904,632 | ---- | C] () -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014.03.23 15:24:51 | 000,136,216 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys
[2014.03.23 15:24:51 | 000,037,352 | ---- | C] () -- C:\Windows\System32\drivers\avkmgr.sys
[2014.03.14 00:50:18 | 002,050,560 | ---- | C] () -- C:\Windows\System32\win32k.sys
[2014.02.28 22:42:34 | 000,221,568 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys
[2014.01.13 18:24:28 | 000,000,947 | ---- | C] () -- C:\Users\Krissi\.recently-used.xbel
[2013.12.12 17:03:31 | 000,167,936 | ---- | C] () -- C:\Windows\System32\drivers\portcls.sys
[2013.12.12 17:03:31 | 000,130,048 | ---- | C] () -- C:\Windows\System32\drivers\drmk.sys
[2013.10.09 23:54:36 | 000,638,400 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2013.10.09 23:54:36 | 000,037,376 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2013.10.09 23:44:07 | 000,226,304 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys
[2013.10.09 23:44:07 | 000,197,632 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys
[2013.10.09 23:44:07 | 000,073,216 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys
[2013.10.09 23:44:07 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys
[2013.10.09 23:44:07 | 000,023,552 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys
[2013.10.09 23:44:07 | 000,006,016 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys
[2013.10.09 23:42:45 | 000,527,064 | ---- | C] () -- C:\Windows\System32\drivers\Wdf01000.sys
[2013.10.09 23:41:00 | 000,293,376 | ---- | C] () -- C:\Windows\System32\atmfd.dll
[2013.10.09 23:34:58 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\usbscan.sys
[2013.10.09 23:34:58 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\hidparse.sys
[2013.08.15 11:56:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys
[2013.08.15 11:55:45 | 003,551,680 | ---- | C] () -- C:\Windows\System32\ntoskrnl.exe
[2013.04.24 14:11:04 | 001,082,232 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys
[2013.04.11 15:13:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\csrsrv.dll
[2013.03.14 14:09:06 | 000,015,872 | ---- | C] () -- C:\Windows\System32\drivers\usb8023.sys
[2013.02.18 09:22:18 | 000,149,352 | ---- | C] () -- C:\Windows\System32\drivers\nvhda32v.sys
[2012.12.13 13:41:20 | 000,224,640 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2012.12.13 13:39:04 | 000,155,136 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys
[2012.12.13 13:39:04 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys
[2012.12.13 13:39:00 | 000,047,720 | ---- | C] () -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.10.23 12:28:41 | 000,026,840 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2012.09.08 04:16:47 | 000,039,272 | ---- | C] () -- C:\Windows\System32\drivers\fssfltr.sys
[2012.09.08 02:45:37 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.09.08 02:10:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.07.12 16:46:23 | 000,440,704 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys
[2008.12.29 18:13:24 | 000,025,600 | ---- | C] () -- C:\Users\Krissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 15:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.11.19 14:28:55 | 105,031,188 | ---- | M] ()(C:\Windows\System32\???¸) -- C:\Windows\System32\Ẵᴼ¸
[2013.11.19 14:28:55 | 105,031,188 | ---- | C] ()(C:\Windows\System32\???¸) -- C:\Windows\System32\Ẵᴼ¸
[2013.11.15 20:44:19 | 104,496,569 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\䱲ᴼœ
[2013.11.15 20:44:19 | 104,496,569 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\䱲ᴼœ
[2013.11.15 13:44:51 | 104,401,821 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\�鉩ᴼ™
[2013.11.15 13:44:51 | 104,401,821 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\�鉩ᴼ™
[2013.11.14 23:50:08 | 104,278,918 | ---- | M] ()(C:\Windows\System32\???I) -- C:\Windows\System32\뗆鵼ᴼI
[2013.11.14 23:50:08 | 104,278,918 | ---- | C] ()(C:\Windows\System32\???I) -- C:\Windows\System32\뗆鵼ᴼI
[2013.11.12 01:10:50 | 103,792,856 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\繵捇ᴼ˜
[2013.11.12 01:10:50 | 103,792,856 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\繵捇ᴼ˜
[2013.10.23 12:37:02 | 102,551,358 | ---- | M] ()(C:\Windows\System32\?)??) -- C:\Windows\System32\槙)ᴼ˜
[2013.10.20 20:17:16 | 102,551,358 | ---- | C] ()(C:\Windows\System32\?)??) -- C:\Windows\System32\槙)ᴼ˜
[2013.10.18 14:26:03 | 101,760,430 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ᤁ⿹ᴼš
[2013.10.18 14:26:03 | 101,760,430 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ᤁ⿹ᴼš
[2013.10.10 23:13:01 | 100,332,977 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\䶎ᴼ
[2013.10.10 23:13:01 | 100,332,977 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\䶎ᴼ
[2013.10.09 23:54:59 | 100,163,860 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\킔㝒ᴼ‘
[2013.10.09 23:54:59 | 100,163,860 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\킔㝒ᴼ‘
[2013.10.01 15:23:00 | 098,609,570 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ɚᴼ›
[2013.09.30 22:30:40 | 098,609,570 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ɚᴼ›
[2013.09.19 13:37:25 | 098,352,290 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\⊸䘗ᴼ
[2013.09.19 13:37:25 | 098,352,290 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\⊸䘗ᴼ
[2013.09.10 15:09:20 | 096,940,255 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\蘷妽ᴼ
[2013.09.10 15:09:20 | 096,940,255 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\蘷妽ᴼ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

OTL Extras

Code:

ATTFilter

OTL Extras logfile created on: 26.06.2014 00:06:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Krissi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 45,17% Memory free
6,21 Gb Paging File | 4,51 Gb Available in Paging File | 72,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 50,15 Gb Free Space | 34,81% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 131,52 Gb Free Space | 91,33% Space Free | Partition Type: NTFS
 
Computer Name: KRISSI-PC | User Name: Krissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{142890DF-4AAD-4D66-AB88-B7F9F814D07F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{27CEFFAF-842B-460F-93CA-3CD834075537}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system | 
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7612CC18-368D-4379-9FD9-6C229B41D7C5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7D480B1F-75EE-49CA-A48E-42E6EA32594E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A2D2C53F-0509-4C5D-8686-10B226E2552B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C2606E35-6873-4C47-9882-98127C97F6A4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C511FC2E-1B6B-47FC-99FB-F85EBBD6ED4C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D89EB9D1-2863-4C3B-941C-50C71F7F8D12}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB7BC9C5-A8F0-470E-AAD0-C4BB40CD92BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FFCDEE3A-5052-4D36-8F4F-DEBCF6298495}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F0D01E-6A01-4FE5-877F-15C94558C307}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1ED4CBEE-3CEC-45D7-9475-C811877C5BC8}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{2C5CE09C-0F7F-4A51-B3BE-86AA873DA491}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{368B32F3-91E7-43EA-8CC5-52A4CF348ADF}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4EB334C5-E250-4170-91D3-12FA823D83D5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{62EC5331-D65C-4D5D-B295-5DCCFF44F045}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{6AD1B9BD-5D1D-477A-B0EC-A33F15B22DEE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{72D1A043-3A59-43D6-8374-6D576B4B944F}" = dir=out | name=core networking - system ip core | 
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{91D5E265-E433-4374-82C8-36EA23066813}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9B169E0A-8523-4E61-88CB-BD9D97717EA6}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{9CC7FAC8-514E-4816-B10D-EA9D8C401DAD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A5211B85-BD55-48DB-B8A3-045BBCBCFE4A}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{ABA3F48D-04CE-433D-B083-D44B3E7B9B5F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B8882197-58B0-4B3A-8EC9-9AA649391E4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BE93EB60-F4CC-42AE-8704-DDFDD6BB7E5E}" = dir=in | name=core networking - system ip core | 
"{CD99E126-41B9-4720-AC03-58DE101113A5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{D478ED30-D21A-4A55-830F-E34149884F20}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D64A733B-0229-4DB2-B69E-14063CEE17F6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{DE8677A0-8133-4DE5-B421-30594267AAF4}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{E2A902E2-3CAB-451F-96AB-0872A2EF7777}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{F6274F77-9D28-47A0-A489-BE4F8A573AA0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{FA33A7C7-67B4-4229-A03B-6F5CE1F28919}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{FB0BAAFB-D319-412E-8035-1FB10677F481}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{3318EE59-36C2-4B2E-AD00-453A4FB3D485}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{5F024BFC-5371-4623-A55C-4AA62F9037BB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{AB2AE9A2-8C90-4361-B8CB-0BA8E5C3E01B}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{28125176-D76F-43B4-8E54-C9FF00D6BE13}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D0291C42-0491-4D6A-AC6B-C96FC94CB191}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{FD64B5CB-888F-4C3C-BF40-24D2AE27F1E8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{40FE74B5-71A1-4393-A0AB-21D6E1DA5A66}" = Gothic 2 Gold
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}" = Samsung Converter
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6041D07D-CBC6-4119-8C35-D95B77AD5FBA}" = InternetExplorer-WEB.DE-Addon
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}" = Samsung USB Driver
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio 2
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1&1 Mail & Media GmbH 1und1DesktopIconsInstaller" = WEB.DE Desktop Icons
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Macaosolitaire_1.0" = Macaosolitaire 1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.17.1863" = Opera 12.17
"Paperport Removal Tool_is1" = Paperport Removal Tool
"PhotoScape" = PhotoScape
"ProInst" = Intel PROSet Wireless
"RarZilla Free Unrar 2.53" = RarZilla Free Unrar 2.53
"SereneScreen Marine Aquarium 2" = SereneScreen Marine Aquarium 2
"SimpleOCR 3.1" = SimpleOCR 3.1
"Speedpasch_1.0" = Speedpasch 1.0
"Speedpyramid_1.0" = Speedpyramid 1.0
"Stepok's One Click Wipe und Recomposit_is1" = One Click Wipe 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.2
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-381946461-3025875304-1193097581-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-381946461-3025875304-1193097581-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2014 11:19:57 | Computer Name = Krissi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.06.2014 11:19:57 | Computer Name = Krissi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198
 
Error - 25.06.2014 11:19:57 | Computer Name = Krissi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198
 
Error - 25.06.2014 11:19:58 | Computer Name = Krissi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 25.06.2014 11:19:58 | Computer Name = Krissi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4196
 
Error - 25.06.2014 11:19:58 | Computer Name = Krissi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4196
 
Error - 25.06.2014 18:00:30 | Computer Name = Krissi-PC | Source = VSS | ID = 12289
Description = 
 
Error - 25.06.2014 18:00:30 | Computer Name = Krissi-PC | Source = VSS | ID = 12289
Description = 
 
Error - 25.06.2014 18:00:30 | Computer Name = Krissi-PC | Source = VSS | ID = 12289
Description = 
 
Error - 25.06.2014 18:00:30 | Computer Name = Krissi-PC | Source = VSS | ID = 12289
Description = 
 
[ System Events ]
Error - 25.06.2014 07:59:47 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.06.2014 07:59:47 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.06.2014 07:59:47 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25.06.2014 08:01:39 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.06.2014 08:01:39 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.06.2014 08:01:39 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.06.2014 08:01:39 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25.06.2014 08:02:14 | Computer Name = Krissi-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 25.06.2014 08:43:54 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.06.2014 08:44:42 | Computer Name = Krissi-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

schrauber · 27.06.2014, 11:24

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Jugi · 27.06.2014, 20:30

TDSSKiller ist installiert.
Allerdings hat die aktuelle Version in den Einstellungen unter "Additional Options" neben den zweien eine zusätzliche Auswahl namens "Use KSN to scan objects".
Automatisch ist dort ein Häkchen gesetzt.
Soll es bleiben, oder soll diese Option raus genommen werden?

schrauber · 28.06.2014, 18:22

kannste drin lassen

Jugi · 28.06.2014, 21:10

Hey.
Ok, habe ich gemacht. (Ich als "Normalsterblicher" frage nur mal besser nach bei sowas, bevor ich irgendwelchen Quatsch mache.)

Hier die Logfile von TDSSKiller

Code:

ATTFilter

21:38:15.0881 0x1454  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
21:38:21.0934 0x1454  ============================================================
21:38:21.0934 0x1454  Current date / time: 2014/06/28 21:38:21.0934
21:38:21.0934 0x1454  SystemInfo:
21:38:21.0934 0x1454  
21:38:21.0934 0x1454  OS Version: 6.0.6002 ServicePack: 2.0
21:38:21.0934 0x1454  Product type: Workstation
21:38:21.0934 0x1454  ComputerName: KRISSI-PC
21:38:21.0934 0x1454  UserName: Krissi
21:38:21.0934 0x1454  Windows directory: C:\Windows
21:38:21.0934 0x1454  System windows directory: C:\Windows
21:38:21.0934 0x1454  Processor architecture: Intel x86
21:38:21.0934 0x1454  Number of processors: 2
21:38:21.0934 0x1454  Page size: 0x1000
21:38:21.0934 0x1454  Boot type: Normal boot
21:38:21.0934 0x1454  ============================================================
21:38:22.0137 0x1454  KLMD registered as C:\Windows\system32\drivers\20317249.sys
21:39:26.0112 0x1454  System UUID: {95EE4A72-C730-4E01-597F-4C0F2E707DF4}
21:39:26.0549 0x1454  !crdlk
21:39:26.0658 0x1454  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:39:26.0658 0x1454  ============================================================
21:39:26.0658 0x1454  \Device\Harddisk0\DR0:
21:39:26.0658 0x1454  MBR partitions:
21:39:26.0658 0x1454  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
21:39:26.0658 0x1454  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
21:39:26.0658 0x1454  ============================================================
21:39:26.0690 0x1454  C: <-> \Device\Harddisk0\DR0\Partition1
21:39:26.0736 0x1454  D: <-> \Device\Harddisk0\DR0\Partition2
21:39:26.0736 0x1454  ============================================================
21:39:26.0736 0x1454  Initialize success
21:39:26.0736 0x1454  ============================================================
21:40:00.0479 0x14b0  ============================================================
21:40:00.0479 0x14b0  Scan started
21:40:00.0479 0x14b0  Mode: Manual; SigCheck; TDLFS; 
21:40:00.0479 0x14b0  ============================================================
21:40:00.0479 0x14b0  KSN ping started
21:40:03.0178 0x14b0  KSN ping finished: true
21:40:03.0989 0x14b0  ================ Scan system memory ========================
21:40:03.0989 0x14b0  System memory - ok
21:40:03.0989 0x14b0  ================ Scan services =============================
21:40:04.0239 0x14b0  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:40:04.0395 0x14b0  ACPI - ok
21:40:04.0426 0x14b0  Suspicious service (NoAccess): ada747308081ce1
21:40:04.0504 0x14b0  [ 77F2BAEE8626D45C46B69CD17BE4623D, 0E9608C41DCAC1195E239DBAFC4BD4710760835DDAAAC752ABAC579C73671009 ] ada747308081ce1 C:\Windows\System32\Drivers\ada747308081ce1.sys
21:40:04.0504 0x14b0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\ada747308081ce1.sys. md5: 77F2BAEE8626D45C46B69CD17BE4623D, sha256: 0E9608C41DCAC1195E239DBAFC4BD4710760835DDAAAC752ABAC579C73671009
21:40:04.0582 0x14b0  ada747308081ce1 - detected Rootkit.Win32.Necurs.gen ( 0 )
21:40:07.0156 0x14b0  ada747308081ce1 ( Rootkit.Win32.Necurs.gen ) - infected
21:40:07.0156 0x14b0  Force sending object to P2P due to detect: ada747308081ce1
21:40:09.0668 0x14b0  Object send P2P result: true
21:40:12.0226 0x14b0  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:40:12.0257 0x14b0  AdobeARMservice - ok
21:40:12.0335 0x14b0  [ B5D8DE922237CEDDC7992297654A4BE4, 88EF0B5EBFB383C9069A29AEA8D76EDBE1E70DD6F7C18970EE01ECAE9F408B38 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:40:12.0382 0x14b0  AdobeFlashPlayerUpdateSvc - ok
21:40:12.0444 0x14b0  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:40:12.0522 0x14b0  adp94xx - ok
21:40:12.0569 0x14b0  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:40:12.0616 0x14b0  adpahci - ok
21:40:12.0647 0x14b0  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:40:12.0678 0x14b0  adpu160m - ok
21:40:12.0710 0x14b0  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:40:12.0756 0x14b0  adpu320 - ok
21:40:12.0803 0x14b0  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:40:12.0881 0x14b0  AeLookupSvc - ok
21:40:12.0959 0x14b0  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
21:40:13.0022 0x14b0  AFD - ok
21:40:13.0084 0x14b0  [ CE91B158FA490CF4C4D487A4130F4660, C343AEB125B15E6FC8428499E1C48390EF5073FACB0DC9BAB9040EFB170D04A5 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
21:40:13.0193 0x14b0  AgereSoftModem - ok
21:40:13.0240 0x14b0  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:40:13.0271 0x14b0  agp440 - ok
21:40:13.0302 0x14b0  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:40:13.0318 0x14b0  aic78xx - ok
21:40:13.0349 0x14b0  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
21:40:13.0474 0x14b0  ALG - ok
21:40:13.0505 0x14b0  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
21:40:13.0521 0x14b0  aliide - ok
21:40:13.0552 0x14b0  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:40:13.0568 0x14b0  amdagp - ok
21:40:13.0599 0x14b0  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
21:40:13.0614 0x14b0  amdide - ok
21:40:13.0646 0x14b0  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:40:13.0692 0x14b0  AmdK7 - ok
21:40:13.0708 0x14b0  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:40:13.0755 0x14b0  AmdK8 - ok
21:40:13.0864 0x14b0  [ 0BF3BE441B226D018767C28F92830D34, F4737DB09D2CDF1AD3516711E6A7B230D02630D7A7481CCAD046D99AF165CA23 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:40:13.0895 0x14b0  AntiVirSchedulerService - ok
21:40:13.0958 0x14b0  [ 0BF3BE441B226D018767C28F92830D34, F4737DB09D2CDF1AD3516711E6A7B230D02630D7A7481CCAD046D99AF165CA23 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:40:14.0004 0x14b0  AntiVirService - ok
21:40:14.0051 0x14b0  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
21:40:14.0098 0x14b0  Appinfo - ok
21:40:14.0192 0x14b0  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:40:14.0207 0x14b0  Apple Mobile Device - ok
21:40:14.0270 0x14b0  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
21:40:14.0301 0x14b0  arc - ok
21:40:14.0332 0x14b0  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:40:14.0348 0x14b0  arcsas - ok
21:40:14.0472 0x14b0  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:40:14.0504 0x14b0  aspnet_state - ok
21:40:14.0535 0x14b0  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:40:14.0597 0x14b0  AsyncMac - ok
21:40:14.0613 0x14b0  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:40:14.0628 0x14b0  atapi - ok
21:40:14.0722 0x14b0  [ F32FEE7CB2EE32C1F808409BC8019701, 4EB9C8388BC27EA0EEFAD8F6C7C62310832D8B13F0EE5D6667F37E6FC1D46794 ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:40:14.0862 0x14b0  athr - ok
21:40:14.0909 0x14b0  [ F0D933B42CD0594048E4D5200AE9E417, FF53E843A99948568515964C3C97107FA875BBC3F2906BADEE0B29ACE5532F0D ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
21:40:14.0940 0x14b0  atksgt - ok
21:40:15.0003 0x14b0  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:40:15.0050 0x14b0  AudioEndpointBuilder - ok
21:40:15.0096 0x14b0  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:40:15.0143 0x14b0  Audiosrv - ok
21:40:15.0190 0x14b0  [ 06740B4CA398D0D00A49CB1D22FC2BC3, CCE1A4D7C24124687324FB904BADA3E289472FA4C0594031952F5F4577322AE0 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:40:15.0206 0x14b0  avgntflt - ok
21:40:15.0252 0x14b0  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:40:15.0268 0x14b0  avipbb - ok
21:40:15.0299 0x14b0  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:40:15.0315 0x14b0  avkmgr - ok
21:40:15.0362 0x14b0  [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:40:15.0564 0x14b0  bcm4sbxp - ok
21:40:15.0611 0x14b0  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:40:15.0674 0x14b0  Beep - ok
21:40:15.0736 0x14b0  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
21:40:15.0798 0x14b0  BFE - ok
21:40:15.0892 0x14b0  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
21:40:15.0986 0x14b0  BITS - ok
21:40:16.0017 0x14b0  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:40:16.0079 0x14b0  blbdrive - ok
21:40:16.0173 0x14b0  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:40:16.0204 0x14b0  Bonjour Service - ok
21:40:16.0266 0x14b0  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:40:16.0344 0x14b0  bowser - ok
21:40:16.0376 0x14b0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:40:16.0422 0x14b0  BrFiltLo - ok
21:40:16.0469 0x14b0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:40:16.0532 0x14b0  BrFiltUp - ok
21:40:16.0594 0x14b0  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
21:40:16.0672 0x14b0  Browser - ok
21:40:16.0703 0x14b0  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:40:16.0812 0x14b0  Brserid - ok
21:40:16.0844 0x14b0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:40:16.0937 0x14b0  BrSerWdm - ok
21:40:16.0968 0x14b0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:40:17.0078 0x14b0  BrUsbMdm - ok
21:40:17.0109 0x14b0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:40:17.0218 0x14b0  BrUsbSer - ok
21:40:17.0280 0x14b0  [ DA7B195275BDA7F8FCF79B40E0F45DDE, 1346E9221FD6A1DA27F0BC4F3CF5AFA60B3419931B32468107028BCD4232A708 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
21:40:17.0327 0x14b0  BthEnum - ok
21:40:17.0358 0x14b0  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:40:17.0436 0x14b0  BTHMODEM - ok
21:40:17.0468 0x14b0  [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:40:17.0499 0x14b0  BthPan - ok
21:40:17.0546 0x14b0  [ 73D53F8E90550BA81E2CF44A0873B410, 2E73A2FCF668F1F18928A293A74370BF3D6DC0208D010D10FD5335DFA3706906 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:40:17.0592 0x14b0  BTHPORT - ok
21:40:17.0639 0x14b0  [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ         C:\Windows\System32\bthserv.dll
21:40:17.0655 0x14b0  BthServ - ok
21:40:17.0702 0x14b0  [ 32045A4BB143BBC5BAB1298C4E9E309A, 4009AE2D186746E076CF254FD3653AA4B07182521B772CF2825A3BBDEF4288FB ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:40:17.0733 0x14b0  BTHUSB - ok
21:40:17.0780 0x14b0  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1, 4AF75222BF49EBFA93C98DF206D715DFE2B5EB742BDE06622256F628A756AAD6 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:40:17.0795 0x14b0  btwaudio - ok
21:40:17.0826 0x14b0  [ 195872E48A7FB01F8BC9B800F70F4054, 5F37D7CE44F00791241911BA1E77AD5DAD22C08584F19367BBE27BBFA3484616 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
21:40:17.0826 0x14b0  btwavdt - ok
21:40:17.0858 0x14b0  [ 0724E7D6C9B6A289EDDDA33FA8176E80, 836BFED3A4A374AB1C699D950D87A0709F529FD65B860890699584640490DBE8 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:40:17.0873 0x14b0  btwrchid - ok
21:40:17.0920 0x14b0  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:40:17.0967 0x14b0  cdfs - ok
21:40:18.0014 0x14b0  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:40:18.0045 0x14b0  cdrom - ok
21:40:18.0107 0x14b0  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
21:40:18.0154 0x14b0  CertPropSvc - ok
21:40:18.0201 0x14b0  [ 44E4A7DDED054DD55AE995C3AED719AE, 4AEC662B6C024569B6E9FA56EF1F941779019940908E35B054AD3421AA448385 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
21:40:18.0216 0x14b0  cfwids - ok
21:40:18.0248 0x14b0  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:40:18.0310 0x14b0  circlass - ok
21:40:18.0357 0x14b0  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
21:40:18.0388 0x14b0  CLFS - ok
21:40:18.0466 0x14b0  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:40:18.0497 0x14b0  clr_optimization_v2.0.50727_32 - ok
21:40:18.0544 0x14b0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:40:18.0560 0x14b0  clr_optimization_v4.0.30319_32 - ok
21:40:18.0591 0x14b0  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:40:18.0653 0x14b0  CmBatt - ok
21:40:18.0684 0x14b0  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:40:18.0700 0x14b0  cmdide - ok
21:40:18.0731 0x14b0  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:40:18.0747 0x14b0  Compbatt - ok
21:40:18.0762 0x14b0  COMSysApp - ok
21:40:18.0809 0x14b0  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:40:18.0825 0x14b0  crcdisk - ok
21:40:18.0856 0x14b0  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:40:18.0950 0x14b0  Crusoe - ok
21:40:19.0028 0x14b0  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:40:19.0074 0x14b0  CryptSvc - ok
21:40:19.0184 0x14b0  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:40:19.0293 0x14b0  DcomLaunch - ok
21:40:19.0340 0x14b0  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:40:19.0402 0x14b0  DfsC - ok
21:40:19.0558 0x14b0  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
21:40:19.0792 0x14b0  DFSR - ok
21:40:19.0854 0x14b0  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:40:19.0932 0x14b0  Dhcp - ok
21:40:19.0979 0x14b0  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
21:40:20.0010 0x14b0  disk - ok
21:40:20.0057 0x14b0  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:40:20.0135 0x14b0  Dnscache - ok
21:40:20.0198 0x14b0  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
21:40:20.0260 0x14b0  dot3svc - ok
21:40:20.0338 0x14b0  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
21:40:20.0400 0x14b0  DPS - ok
21:40:20.0463 0x14b0  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:40:20.0541 0x14b0  drmkaud - ok
21:40:20.0634 0x14b0  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:40:20.0697 0x14b0  DXGKrnl - ok
21:40:20.0744 0x14b0  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:40:20.0822 0x14b0  E1G60 - ok
21:40:20.0868 0x14b0  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
21:40:20.0931 0x14b0  EapHost - ok
21:40:20.0978 0x14b0  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:40:21.0009 0x14b0  Ecache - ok
21:40:21.0118 0x14b0  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:40:21.0180 0x14b0  ehRecvr - ok
21:40:21.0227 0x14b0  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
21:40:21.0258 0x14b0  ehSched - ok
21:40:21.0290 0x14b0  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
21:40:21.0336 0x14b0  ehstart - ok
21:40:21.0414 0x14b0  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:40:21.0477 0x14b0  elxstor - ok
21:40:21.0617 0x14b0  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:40:21.0726 0x14b0  EMDMgmt - ok
21:40:21.0758 0x14b0  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:40:21.0820 0x14b0  ErrDev - ok
21:40:21.0882 0x14b0  esgiguard - ok
21:40:21.0992 0x14b0  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
21:40:22.0070 0x14b0  EventSystem - ok
21:40:22.0226 0x14b0  [ 2D41D7250F73272946DE04FF7A19761E, 2688B19CB7048068D5C3CC27B7D8A88FAAF5D5BCD5DA017259C78FD47CCEF958 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:40:22.0304 0x14b0  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
21:40:24.0956 0x14b0  Detect skipped due to KSN trusted
21:40:24.0956 0x14b0  EvtEng - ok
21:40:25.0080 0x14b0  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:40:25.0143 0x14b0  exfat - ok
21:40:25.0190 0x14b0  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:40:25.0268 0x14b0  fastfat - ok
21:40:25.0314 0x14b0  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:40:25.0377 0x14b0  fdc - ok
21:40:25.0439 0x14b0  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
21:40:25.0486 0x14b0  fdPHost - ok
21:40:25.0517 0x14b0  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:40:25.0611 0x14b0  FDResPub - ok
21:40:25.0673 0x14b0  ffdshow manager - ok
21:40:25.0704 0x14b0  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:40:25.0751 0x14b0  FileInfo - ok
21:40:25.0782 0x14b0  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:40:25.0845 0x14b0  Filetrace - ok
21:40:25.0892 0x14b0  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:40:25.0954 0x14b0  flpydisk - ok
21:40:26.0001 0x14b0  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:40:26.0048 0x14b0  FltMgr - ok
21:40:26.0172 0x14b0  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
21:40:26.0266 0x14b0  FontCache - ok
21:40:26.0375 0x14b0  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:40:26.0406 0x14b0  FontCache3.0.0.0 - ok
21:40:26.0453 0x14b0  [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:40:26.0469 0x14b0  fssfltr - ok
21:40:26.0672 0x14b0  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:40:26.0843 0x14b0  fsssvc - ok
21:40:26.0890 0x14b0  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:40:26.0952 0x14b0  Fs_Rec - ok
21:40:26.0999 0x14b0  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:40:27.0030 0x14b0  gagp30kx - ok
21:40:27.0077 0x14b0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:40:27.0093 0x14b0  GEARAspiWDM - ok
21:40:27.0202 0x14b0  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
21:40:27.0311 0x14b0  gpsvc - ok
21:40:27.0389 0x14b0  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:40:27.0420 0x14b0  gupdate - ok
21:40:27.0436 0x14b0  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:40:27.0467 0x14b0  gupdatem - ok
21:40:27.0498 0x14b0  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:40:27.0608 0x14b0  HdAudAddService - ok
21:40:27.0686 0x14b0  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:40:27.0748 0x14b0  HDAudBus - ok
21:40:27.0779 0x14b0  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:40:27.0842 0x14b0  HidBth - ok
21:40:27.0888 0x14b0  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:40:27.0951 0x14b0  HidIr - ok
21:40:27.0998 0x14b0  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
21:40:28.0029 0x14b0  hidserv - ok
21:40:28.0060 0x14b0  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:40:28.0122 0x14b0  HidUsb - ok
21:40:28.0169 0x14b0  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:40:28.0200 0x14b0  hkmsvc - ok
21:40:28.0232 0x14b0  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:40:28.0247 0x14b0  HpCISSs - ok
21:40:28.0294 0x14b0  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:40:28.0388 0x14b0  HTTP - ok
21:40:28.0419 0x14b0  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:40:28.0434 0x14b0  i2omp - ok
21:40:28.0466 0x14b0  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:40:28.0512 0x14b0  i8042prt - ok
21:40:28.0606 0x14b0  [ 496DB78E6A0C4C44023D9A92B4A7AC31, 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
21:40:28.0809 0x14b0  ialm - ok
21:40:28.0871 0x14b0  [ ABFEBC5F846C71AFEBD7F8F6BA740C03, 3BD7EA27EC21A7A9BE544A11E5A284DF00FFB3E2554DDBE113802153D62DFDEF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:40:28.0887 0x14b0  iaStor - ok
21:40:28.0934 0x14b0  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:40:28.0949 0x14b0  iaStorV - ok
21:40:29.0043 0x14b0  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:40:29.0105 0x14b0  idsvc - ok
21:40:29.0136 0x14b0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:40:29.0152 0x14b0  iirsp - ok
21:40:29.0214 0x14b0  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:40:29.0292 0x14b0  IKEEXT - ok
21:40:29.0433 0x14b0  [ FFD2B3BC042596ABE785D3C15F51AB46, C2CA6E15FE95ADE211325CA907FBC213DB3B5E871DBD22CC485837FAB4E9BCEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:40:29.0651 0x14b0  IntcAzAudAddService - ok
21:40:29.0807 0x14b0  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
21:40:29.0823 0x14b0  intelide - ok
21:40:29.0854 0x14b0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:40:29.0916 0x14b0  intelppm - ok
21:40:29.0979 0x14b0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:40:30.0057 0x14b0  IPBusEnum - ok
21:40:30.0088 0x14b0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:30.0150 0x14b0  IpFilterDriver - ok
21:40:30.0213 0x14b0  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:40:30.0291 0x14b0  iphlpsvc - ok
21:40:30.0322 0x14b0  IpInIp - ok
21:40:30.0369 0x14b0  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:40:30.0431 0x14b0  IPMIDRV - ok
21:40:30.0478 0x14b0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:40:30.0540 0x14b0  IPNAT - ok
21:40:30.0665 0x14b0  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:40:30.0728 0x14b0  iPod Service - ok
21:40:30.0759 0x14b0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:40:30.0806 0x14b0  IRENUM - ok
21:40:30.0837 0x14b0  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:40:30.0852 0x14b0  isapnp - ok
21:40:30.0899 0x14b0  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:40:30.0915 0x14b0  iScsiPrt - ok
21:40:30.0946 0x14b0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:40:30.0962 0x14b0  iteatapi - ok
21:40:30.0993 0x14b0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:40:31.0008 0x14b0  iteraid - ok
21:40:31.0040 0x14b0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:40:31.0055 0x14b0  kbdclass - ok
21:40:31.0102 0x14b0  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:40:31.0133 0x14b0  kbdhid - ok
21:40:31.0196 0x14b0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
21:40:31.0227 0x14b0  KeyIso - ok
21:40:31.0274 0x14b0  [ EBC507F129DF8F0E0CA270DCFC0CF87F, 232E2C4118A3177019E111E23D02F669338AE251308DE9BEDE3869C1208D7F0B ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
21:40:31.0289 0x14b0  KMDFMEMIO - ok
21:40:31.0352 0x14b0  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A, 573681387B27FB2C8DC6612474B9BB8631F6CD3CED29AEBF91992606875724D2 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:40:31.0383 0x14b0  KMWDFILTER - ok
21:40:31.0445 0x14b0  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:40:31.0492 0x14b0  KSecDD - ok
21:40:31.0570 0x14b0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:40:31.0679 0x14b0  KtmRm - ok
21:40:31.0742 0x14b0  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:40:31.0773 0x14b0  LanmanServer - ok
21:40:31.0835 0x14b0  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:40:31.0866 0x14b0  LanmanWorkstation - ok
21:40:31.0960 0x14b0  [ C215E09622118383B236DD56C2065183, AF5F7C8806BF9C203DB8AD9DA2062E31FF9A2282B5FE1222A3B9DEEB435EBAB4 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:40:31.0960 0x14b0  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
21:40:34.0440 0x14b0  Detect skipped due to KSN trusted
21:40:34.0440 0x14b0  LightScribeService - ok
21:40:34.0503 0x14b0  [ F8A7212D0864EF5E9185FB95E6623F4D, 277EAA06BD3D1CB31E6CD7B9ECD3A4B7D4AB7A369DB5FFF04EC7D749DF26E3D2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
21:40:34.0534 0x14b0  lirsgt - ok
21:40:34.0581 0x14b0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:40:34.0643 0x14b0  lltdio - ok
21:40:34.0690 0x14b0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:40:34.0768 0x14b0  lltdsvc - ok
21:40:34.0815 0x14b0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:40:34.0908 0x14b0  lmhosts - ok
21:40:34.0971 0x14b0  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:40:35.0002 0x14b0  LSI_FC - ok
21:40:35.0033 0x14b0  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:40:35.0064 0x14b0  LSI_SAS - ok
21:40:35.0111 0x14b0  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:40:35.0127 0x14b0  LSI_SCSI - ok
21:40:35.0174 0x14b0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:40:35.0236 0x14b0  luafv - ok
21:40:35.0330 0x14b0  [ B26A3EA976E6FD5C03C65F6E5824AD7C, CBEFC3C62E0328C347AC6A4FAF42979AC4E0E6E5EE9DEAE605B0C7E60F297696 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:40:35.0361 0x14b0  mcmscsvc - ok
21:40:35.0408 0x14b0  [ B26A3EA976E6FD5C03C65F6E5824AD7C, CBEFC3C62E0328C347AC6A4FAF42979AC4E0E6E5EE9DEAE605B0C7E60F297696 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:40:35.0439 0x14b0  McNASvc - ok
21:40:35.0470 0x14b0  [ B26A3EA976E6FD5C03C65F6E5824AD7C, CBEFC3C62E0328C347AC6A4FAF42979AC4E0E6E5EE9DEAE605B0C7E60F297696 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:40:35.0501 0x14b0  McProxy - ok
21:40:35.0548 0x14b0  [ 861255C3ED2ACE9DF92ED10A6A174BAC, 41716C4CFA286A78308180BF08F81F24F4EAB968CAD679F379D1B8242ECB824C ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:40:35.0579 0x14b0  McShield - ok
21:40:35.0642 0x14b0  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:40:35.0673 0x14b0  Mcx2Svc - ok
21:40:35.0704 0x14b0  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
21:40:35.0735 0x14b0  megasas - ok
21:40:35.0798 0x14b0  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:40:35.0860 0x14b0  MegaSR - ok
21:40:35.0907 0x14b0  [ B77E959E1C50D3E3A9D9EF423BE62E09, 03BC07178E8251C6BD5EE04074555847CC712F28467F77D87AB44FA0BD5F501F ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
21:40:35.0922 0x14b0  mfeapfk - ok
21:40:36.0000 0x14b0  [ E84596FCB591117F5597498A5F82AD97, 2746C6F874F9BDCC4F86A3BEFD8065966A6C755835AB06BAABE04904EA17A880 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
21:40:36.0032 0x14b0  mfeavfk - ok
21:40:36.0063 0x14b0  [ D40CE01E2D3FE0C079CD2D6B3E4B823B, C257B3A74EF5BA4A066841B2424A26A4C607F2E4F33456EB76AB6B68781F6FC1 ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
21:40:36.0078 0x14b0  mfebopk - ok
21:40:36.0125 0x14b0  [ E96F9CF4F8D244FDD5181FE90826E28F, 3A9789A44FCB5162F2A1846308EBE19C823C64EE97A07041C5AB0486C8F5EDB9 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:40:36.0156 0x14b0  mfefire - ok
21:40:36.0219 0x14b0  [ 3962C6A9E35C4319DCDAB0497614FD69, 60590AF645ACC96C1EC7FCBE7E35A54AAD3AA708F2FA57202F9ED3A50CEDE1E4 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
21:40:36.0266 0x14b0  mfefirek - ok
21:40:36.0328 0x14b0  [ E7ECF7872BF8F2897AE5A696D908C2F7, ED0B11F0A261BF30039BE506EFC472083FEA6EBEC334036545AB359DFA8E6A4B ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
21:40:36.0375 0x14b0  mfehidk - ok
21:40:36.0422 0x14b0  [ 738EA065C00112C46A64ECF7F6D81902, E2E9473FC26A9AB4A907B79196EFDD474EFFA833BCE23CCEEE3817851FE7B17D ] mfenlfk         C:\Windows\system32\DRIVERS\mfenlfk.sys
21:40:36.0437 0x14b0  mfenlfk - ok
21:40:36.0500 0x14b0  [ E411594AC94BAEF7F8EA991CC8F47FD1, 2E4432DAD9B24FEF9455D51F005E5875FCD786BBB95BECDEED7D512A22757435 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
21:40:36.0531 0x14b0  mferkdet - ok
21:40:36.0578 0x14b0  [ B0E1CE9ED1E5EA5642EB6602016B70CC, 3809481DB4FF5D674FD1577BFABA5349C17115DE4CAD6601C99A554577DD841A ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
21:40:36.0609 0x14b0  mfevtp - ok
21:40:36.0640 0x14b0  [ 53ED75F57E87831D3651FF32CB3D5648, D7CD64FB31311C1C46A4AF8B273EBBC10622124AE803CE4A87D218BF51C2D7AA ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
21:40:36.0671 0x14b0  mfewfpk - ok
21:40:36.0718 0x14b0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
21:40:36.0796 0x14b0  MMCSS - ok
21:40:36.0843 0x14b0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
21:40:36.0905 0x14b0  Modem - ok
21:40:36.0952 0x14b0  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:40:37.0014 0x14b0  monitor - ok
21:40:37.0061 0x14b0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:40:37.0077 0x14b0  mouclass - ok
21:40:37.0124 0x14b0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:40:37.0170 0x14b0  mouhid - ok
21:40:37.0202 0x14b0  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:40:37.0233 0x14b0  MountMgr - ok
21:40:37.0280 0x14b0  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:40:37.0311 0x14b0  mpio - ok
21:40:37.0358 0x14b0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:40:37.0389 0x14b0  mpsdrv - ok
21:40:37.0482 0x14b0  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:40:37.0545 0x14b0  MpsSvc - ok
21:40:37.0592 0x14b0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:40:37.0607 0x14b0  Mraid35x - ok
21:40:37.0670 0x14b0  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:40:37.0716 0x14b0  MRxDAV - ok
21:40:37.0779 0x14b0  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:37.0857 0x14b0  mrxsmb - ok
21:40:37.0935 0x14b0  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:37.0997 0x14b0  mrxsmb10 - ok
21:40:38.0028 0x14b0  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:38.0091 0x14b0  mrxsmb20 - ok
21:40:38.0138 0x14b0  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:40:38.0169 0x14b0  msahci - ok
21:40:38.0200 0x14b0  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:40:38.0231 0x14b0  msdsm - ok
21:40:38.0278 0x14b0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
21:40:38.0356 0x14b0  MSDTC - ok
21:40:38.0418 0x14b0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:40:38.0481 0x14b0  Msfs - ok
21:40:38.0528 0x14b0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:40:38.0559 0x14b0  msisadrv - ok
21:40:38.0606 0x14b0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:40:38.0684 0x14b0  MSiSCSI - ok
21:40:38.0699 0x14b0  msiserver - ok
21:40:38.0746 0x14b0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:40:38.0793 0x14b0  MSKSSRV - ok
21:40:38.0824 0x14b0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:38.0871 0x14b0  MSPCLOCK - ok
21:40:38.0886 0x14b0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:40:38.0933 0x14b0  MSPQM - ok
21:40:38.0980 0x14b0  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:40:39.0011 0x14b0  MsRPC - ok
21:40:39.0042 0x14b0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:40:39.0042 0x14b0  mssmbios - ok
21:40:39.0074 0x14b0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:40:39.0105 0x14b0  MSTEE - ok
21:40:39.0167 0x14b0  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:40:39.0183 0x14b0  Mup - ok
21:40:39.0245 0x14b0  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
21:40:39.0292 0x14b0  napagent - ok
21:40:39.0339 0x14b0  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:40:39.0386 0x14b0  NativeWifiP - ok
21:40:39.0479 0x14b0  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:40:39.0510 0x14b0  NDIS - ok
21:40:39.0557 0x14b0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:40:39.0604 0x14b0  NdisTapi - ok
21:40:39.0635 0x14b0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:39.0698 0x14b0  Ndisuio - ok
21:40:39.0744 0x14b0  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:39.0776 0x14b0  NdisWan - ok
21:40:39.0807 0x14b0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:40:39.0838 0x14b0  NDProxy - ok
21:40:39.0869 0x14b0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:40:39.0916 0x14b0  NetBIOS - ok
21:40:39.0978 0x14b0  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:40:40.0010 0x14b0  netbt - ok
21:40:40.0025 0x14b0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
21:40:40.0041 0x14b0  Netlogon - ok
21:40:40.0103 0x14b0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
21:40:40.0134 0x14b0  Netman - ok
21:40:40.0197 0x14b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:40:40.0212 0x14b0  NetMsmqActivator - ok
21:40:40.0228 0x14b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:40:40.0259 0x14b0  NetPipeActivator - ok
21:40:40.0290 0x14b0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
21:40:40.0337 0x14b0  netprofm - ok
21:40:40.0353 0x14b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:40:40.0384 0x14b0  NetTcpActivator - ok
21:40:40.0400 0x14b0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:40:40.0415 0x14b0  NetTcpPortSharing - ok
21:40:40.0571 0x14b0  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
21:40:40.0805 0x14b0  NETw3v32 - ok
21:40:40.0852 0x14b0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:40:40.0852 0x14b0  nfrd960 - ok
21:40:40.0899 0x14b0  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:40:40.0961 0x14b0  NlaSvc - ok
21:40:41.0008 0x14b0  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:40:41.0039 0x14b0  Npfs - ok
21:40:41.0086 0x14b0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
21:40:41.0117 0x14b0  nsi - ok
21:40:41.0148 0x14b0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:40:41.0180 0x14b0  nsiproxy - ok
21:40:41.0273 0x14b0  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:40:41.0351 0x14b0  Ntfs - ok
21:40:41.0398 0x14b0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:40:41.0460 0x14b0  ntrigdigi - ok
21:40:41.0492 0x14b0  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
21:40:41.0538 0x14b0  Null - ok
21:40:41.0601 0x14b0  [ 77F9F9A199B87FE3F852E12F5419240B, BE9C05F2AC12BB41EC71A596039F2116E5A0F454D32E5A618112296721001473 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
21:40:41.0616 0x14b0  NVHDA - ok
21:40:42.0038 0x14b0  [ 2FA5434344AF84D73F66BA402FF78690, D244C9BA5C9A582C17AA5DE3BE78A2C177AC2CEE5EE6C0E62A52AED7C51B0FB1 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:40:42.0584 0x14b0  nvlddmkm - ok
21:40:42.0677 0x14b0  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:40:42.0693 0x14b0  nvraid - ok
21:40:42.0724 0x14b0  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:40:42.0740 0x14b0  nvstor - ok
21:40:42.0833 0x14b0  [ B785320CBCF5021DE9945C803696C511, 01D374F6F0EEA385A25DA375EDDD83F5F6F3FEC6D5C3F844AE2DDE75C451A623 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:40:42.0864 0x14b0  nvsvc - ok
21:40:43.0005 0x14b0  [ D2B064796C369F82E96397F721C4A29D, 49A9E7DBCFFE5C8D0B22088193277366BAEA7D6CF51894BD4030F7C96275237B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:40:43.0098 0x14b0  nvUpdatusService - ok
21:40:43.0161 0x14b0  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:40:43.0176 0x14b0  nv_agp - ok
21:40:43.0192 0x14b0  NwlnkFlt - ok
21:40:43.0223 0x14b0  NwlnkFwd - ok
21:40:43.0270 0x14b0  [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
21:40:43.0301 0x14b0  ohci1394 - ok
21:40:43.0348 0x14b0  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:43.0379 0x14b0  ose - ok
21:40:43.0473 0x14b0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:40:43.0535 0x14b0  p2pimsvc - ok
21:40:43.0582 0x14b0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:40:43.0660 0x14b0  p2psvc - ok
21:40:43.0707 0x14b0  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
21:40:43.0785 0x14b0  Parport - ok
21:40:43.0832 0x14b0  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:40:43.0863 0x14b0  partmgr - ok
21:40:43.0894 0x14b0  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:40:43.0972 0x14b0  Parvdm - ok
21:40:44.0019 0x14b0  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:40:44.0066 0x14b0  PcaSvc - ok
21:40:44.0112 0x14b0  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
21:40:44.0144 0x14b0  pci - ok
21:40:44.0175 0x14b0  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:40:44.0190 0x14b0  pciide - ok
21:40:44.0237 0x14b0  [ B7C5A8769541900F6DFA6FE0C5E4D513, 1885FE8AE9D6929E8B43D674B43B7B3FEAA25AF6E45973A0B49CBA7B9CBA34C4 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:40:44.0253 0x14b0  pcmcia - ok
21:40:44.0331 0x14b0  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:40:44.0487 0x14b0  PEAUTH - ok
21:40:44.0658 0x14b0  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
21:40:44.0846 0x14b0  pla - ok
21:40:44.0939 0x14b0  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:40:45.0017 0x14b0  PlugPlay - ok
21:40:45.0095 0x14b0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:40:45.0173 0x14b0  PNRPAutoReg - ok
21:40:45.0236 0x14b0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:40:45.0345 0x14b0  PNRPsvc - ok
21:40:45.0423 0x14b0  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:40:45.0501 0x14b0  PolicyAgent - ok
21:40:45.0563 0x14b0  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:40:45.0641 0x14b0  PptpMiniport - ok
21:40:45.0688 0x14b0  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
21:40:45.0750 0x14b0  Processor - ok
21:40:45.0828 0x14b0  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
21:40:45.0875 0x14b0  ProfSvc - ok
21:40:45.0906 0x14b0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
21:40:45.0938 0x14b0  ProtectedStorage - ok
21:40:45.0984 0x14b0  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:40:46.0047 0x14b0  PSched - ok
21:40:46.0156 0x14b0  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:40:46.0312 0x14b0  ql2300 - ok
21:40:46.0359 0x14b0  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:40:46.0390 0x14b0  ql40xx - ok
21:40:46.0437 0x14b0  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
21:40:46.0484 0x14b0  QWAVE - ok
21:40:46.0515 0x14b0  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:40:46.0562 0x14b0  QWAVEdrv - ok
21:40:46.0593 0x14b0  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:40:46.0624 0x14b0  RasAcd - ok
21:40:46.0671 0x14b0  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
21:40:46.0718 0x14b0  RasAuto - ok
21:40:46.0749 0x14b0  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:46.0796 0x14b0  Rasl2tp - ok
21:40:46.0858 0x14b0  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
21:40:46.0889 0x14b0  RasMan - ok
21:40:46.0936 0x14b0  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:46.0967 0x14b0  RasPppoe - ok
21:40:46.0998 0x14b0  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:40:47.0030 0x14b0  RasSstp - ok
21:40:47.0076 0x14b0  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:40:47.0123 0x14b0  rdbss - ok
21:40:47.0170 0x14b0  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:47.0217 0x14b0  RDPCDD - ok
21:40:47.0264 0x14b0  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:40:47.0295 0x14b0  rdpdr - ok
21:40:47.0310 0x14b0  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:40:47.0357 0x14b0  RDPENCDD - ok
21:40:47.0420 0x14b0  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:40:47.0451 0x14b0  RDPWD - ok
21:40:47.0544 0x14b0  [ ED8C9F16E10C1E4C4C5D16CD04966E24, B7A289C14A08FA89C35776BFF53277CF5EEF4C59246B6221B99327E5B0547CD9 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:40:47.0607 0x14b0  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
21:40:49.0994 0x14b0  Detect skipped due to KSN trusted
21:40:49.0994 0x14b0  RegSrvc - ok
21:40:50.0072 0x14b0  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:40:50.0150 0x14b0  RemoteAccess - ok
21:40:50.0212 0x14b0  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:40:50.0274 0x14b0  RemoteRegistry - ok
21:40:50.0321 0x14b0  [ 10536B0AD6F416FC7F1149977C28CCDC, F0CE929BBA996762D59570338AC2E7DCC920E76E2E945FEB629E8EBE1B311D19 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:40:50.0352 0x14b0  RFCOMM - ok
21:40:50.0415 0x14b0  [ EEC7EE5675294B03E88AA868540007C1, 4FA2DFD007ED0B6276D80D7948E5A676620BB120BAF2BDB22D2D1E6ABA08F1B4 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
21:40:50.0477 0x14b0  RMCAST - ok
21:40:50.0524 0x14b0  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
21:40:50.0540 0x14b0  RpcLocator - ok
21:40:50.0649 0x14b0  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
21:40:50.0727 0x14b0  RpcSs - ok
21:40:50.0774 0x14b0  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:40:50.0836 0x14b0  rspndr - ok
21:40:50.0883 0x14b0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
21:40:50.0914 0x14b0  SamSs - ok
21:40:50.0945 0x14b0  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:40:50.0976 0x14b0  sbp2port - ok
21:40:51.0039 0x14b0  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:40:51.0086 0x14b0  SCardSvr - ok
21:40:51.0195 0x14b0  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
21:40:51.0257 0x14b0  Schedule - ok
21:40:51.0304 0x14b0  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:40:51.0351 0x14b0  SCPolicySvc - ok
21:40:51.0398 0x14b0  [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:40:51.0460 0x14b0  sdbus - ok
21:40:51.0522 0x14b0  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:40:51.0569 0x14b0  SDRSVC - ok
21:40:51.0600 0x14b0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:40:51.0710 0x14b0  secdrv - ok
21:40:51.0756 0x14b0  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
21:40:51.0819 0x14b0  seclogon - ok
21:40:51.0850 0x14b0  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
21:40:51.0912 0x14b0  SENS - ok
21:40:51.0944 0x14b0  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:40:52.0053 0x14b0  Serenum - ok
21:40:52.0100 0x14b0  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
21:40:52.0146 0x14b0  Serial - ok
21:40:52.0162 0x14b0  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:40:52.0193 0x14b0  sermouse - ok
21:40:52.0209 0x14b0  serviceIEConfig - ok
21:40:52.0271 0x14b0  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:40:52.0334 0x14b0  SessionEnv - ok
21:40:52.0365 0x14b0  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:40:52.0412 0x14b0  sffdisk - ok
21:40:52.0427 0x14b0  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:40:52.0490 0x14b0  sffp_mmc - ok
21:40:52.0536 0x14b0  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:40:52.0568 0x14b0  sffp_sd - ok
21:40:52.0583 0x14b0  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:40:52.0646 0x14b0  sfloppy - ok
21:40:52.0708 0x14b0  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:40:52.0755 0x14b0  SharedAccess - ok
21:40:52.0817 0x14b0  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:40:52.0833 0x14b0  ShellHWDetection - ok
21:40:52.0864 0x14b0  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:40:52.0895 0x14b0  sisagp - ok
21:40:52.0926 0x14b0  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:40:52.0942 0x14b0  SiSRaid2 - ok
21:40:52.0973 0x14b0  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:40:52.0989 0x14b0  SiSRaid4 - ok
21:40:53.0207 0x14b0  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
21:40:53.0504 0x14b0  slsvc - ok
21:40:53.0550 0x14b0  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:40:53.0613 0x14b0  SLUINotify - ok
21:40:53.0660 0x14b0  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:40:53.0706 0x14b0  Smb - ok
21:40:53.0784 0x14b0  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:40:53.0800 0x14b0  SNMPTRAP - ok
21:40:53.0847 0x14b0  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:40:53.0862 0x14b0  spldr - ok
21:40:53.0925 0x14b0  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
21:40:53.0972 0x14b0  Spooler - ok
21:40:54.0050 0x14b0  [ 9263C8898732E2B890F7E954E7729AB7, DEBFD81E702893427972A6565A9AAA54A09B9F7F30CA9391011C6F7FB758A3F4 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:40:54.0065 0x14b0  SQLWriter - ok
21:40:54.0143 0x14b0  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:40:54.0221 0x14b0  srv - ok
21:40:54.0268 0x14b0  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:40:54.0330 0x14b0  srv2 - ok
21:40:54.0408 0x14b0  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:40:54.0455 0x14b0  srvnet - ok
21:40:54.0518 0x14b0  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:40:54.0580 0x14b0  SSDPSRV - ok
21:40:54.0642 0x14b0  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:40:54.0658 0x14b0  ssmdrv - ok
21:40:54.0689 0x14b0  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:40:54.0752 0x14b0  SstpSvc - ok
21:40:54.0830 0x14b0  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
21:40:54.0892 0x14b0  stisvc - ok
21:40:54.0939 0x14b0  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:40:54.0954 0x14b0  swenum - ok
21:40:55.0001 0x14b0  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
21:40:55.0032 0x14b0  swprv - ok
21:40:55.0064 0x14b0  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:40:55.0079 0x14b0  Symc8xx - ok
21:40:55.0110 0x14b0  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:40:55.0126 0x14b0  Sym_hi - ok
21:40:55.0157 0x14b0  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:40:55.0173 0x14b0  Sym_u3 - ok
21:40:55.0220 0x14b0  [ 451E8037E2EB6DA6BDF0A66F65D1810B, 98E94486560A00B33E19902BB1B5CE51168E583E9303B3A2F7337D3501887B34 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:40:55.0235 0x14b0  SynTP - ok
21:40:55.0329 0x14b0  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
21:40:55.0407 0x14b0  SysMain - ok
21:40:55.0469 0x14b0  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:40:55.0485 0x14b0  TabletInputService - ok
21:40:55.0547 0x14b0  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:40:55.0594 0x14b0  TapiSrv - ok
21:40:55.0641 0x14b0  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
21:40:55.0703 0x14b0  TBS - ok
21:40:55.0812 0x14b0  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:40:55.0890 0x14b0  Tcpip - ok
21:40:55.0953 0x14b0  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:40:56.0031 0x14b0  Tcpip6 - ok
21:40:56.0093 0x14b0  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:40:56.0124 0x14b0  tcpipreg - ok
21:40:56.0156 0x14b0  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:40:56.0218 0x14b0  TDPIPE - ok
21:40:56.0249 0x14b0  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:40:56.0312 0x14b0  TDTCP - ok
21:40:56.0358 0x14b0  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:40:56.0405 0x14b0  tdx - ok
21:40:56.0452 0x14b0  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:40:56.0483 0x14b0  TermDD - ok
21:40:56.0546 0x14b0  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
21:40:56.0624 0x14b0  TermService - ok
21:40:56.0686 0x14b0  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
21:40:56.0733 0x14b0  Themes - ok
21:40:56.0764 0x14b0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
21:40:56.0826 0x14b0  THREADORDER - ok
21:40:56.0889 0x14b0  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
21:40:56.0967 0x14b0  TrkWks - ok
21:40:57.0029 0x14b0  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:40:57.0092 0x14b0  TrustedInstaller - ok
21:40:57.0154 0x14b0  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:57.0185 0x14b0  tssecsrv - ok
21:40:57.0216 0x14b0  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:40:57.0263 0x14b0  tunmp - ok
21:40:57.0326 0x14b0  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:40:57.0341 0x14b0  tunnel - ok
21:40:57.0388 0x14b0  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:40:57.0404 0x14b0  uagp35 - ok
21:40:57.0466 0x14b0  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:40:57.0513 0x14b0  udfs - ok
21:40:57.0591 0x14b0  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:40:57.0638 0x14b0  UI0Detect - ok
21:40:57.0684 0x14b0  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:40:57.0716 0x14b0  uliagpkx - ok
21:40:57.0762 0x14b0  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:40:57.0794 0x14b0  uliahci - ok
21:40:57.0840 0x14b0  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:40:57.0856 0x14b0  UlSata - ok
21:40:57.0903 0x14b0  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:40:57.0934 0x14b0  ulsata2 - ok
21:40:57.0965 0x14b0  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:40:58.0012 0x14b0  umbus - ok
21:40:58.0074 0x14b0  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
21:40:58.0168 0x14b0  upnphost - ok
21:40:58.0230 0x14b0  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:58.0262 0x14b0  usbccgp - ok
21:40:58.0293 0x14b0  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:40:58.0355 0x14b0  usbcir - ok
21:40:58.0402 0x14b0  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:40:58.0433 0x14b0  usbehci - ok
21:40:58.0496 0x14b0  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:40:58.0527 0x14b0  usbhub - ok
21:40:58.0574 0x14b0  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:40:58.0636 0x14b0  usbohci - ok
21:40:58.0683 0x14b0  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:40:58.0714 0x14b0  usbprint - ok
21:40:58.0761 0x14b0  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:40:58.0792 0x14b0  usbscan - ok
21:40:58.0839 0x14b0  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:58.0886 0x14b0  USBSTOR - ok
21:40:58.0932 0x14b0  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:40:58.0964 0x14b0  usbuhci - ok
21:40:59.0026 0x14b0  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:40:59.0073 0x14b0  usbvideo - ok
21:40:59.0135 0x14b0  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
21:40:59.0166 0x14b0  UxSms - ok
21:40:59.0229 0x14b0  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
21:40:59.0322 0x14b0  vds - ok
21:40:59.0385 0x14b0  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:59.0432 0x14b0  vga - ok
21:40:59.0478 0x14b0  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:40:59.0525 0x14b0  VgaSave - ok
21:40:59.0556 0x14b0  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:40:59.0588 0x14b0  viaagp - ok
21:40:59.0619 0x14b0  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:40:59.0650 0x14b0  ViaC7 - ok
21:40:59.0712 0x14b0  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
21:40:59.0728 0x14b0  viaide - ok
21:40:59.0744 0x14b0  VMC302 - ok
21:40:59.0806 0x14b0  [ B4FC3E68EF1AD16D6D60240D2A5445D8, E92531B58ED149609DC621B056FF75F64983F08F63A51522CD6CD17FDF99F705 ] VMC326          C:\Windows\system32\Drivers\VMC326.sys
21:40:59.0853 0x14b0  VMC326 - ok
21:40:59.0884 0x14b0  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:40:59.0915 0x14b0  volmgr - ok
21:40:59.0978 0x14b0  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:41:00.0009 0x14b0  volmgrx - ok
21:41:00.0071 0x14b0  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:41:00.0071 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 786DB5771F05EF300390399F626BF30A, sha256: 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7
21:41:00.0102 0x14b0  volsnap - detected LockedFile.Multi.Generic ( 1 )
21:41:02.0770 0x14b0  Detect skipped due to KSN trusted
21:41:02.0770 0x14b0  volsnap - ok
21:41:02.0848 0x14b0  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:41:02.0864 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vsmraid.sys. md5: 587253E09325E6BF226B299774B728A9, sha256: C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF
21:41:02.0895 0x14b0  vsmraid - detected LockedFile.Multi.Generic ( 1 )
21:41:05.0375 0x14b0  Detect skipped due to KSN trusted
21:41:05.0375 0x14b0  vsmraid - ok
21:41:05.0500 0x14b0  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
21:41:05.0672 0x14b0  VSS - ok
21:41:05.0734 0x14b0  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
21:41:05.0812 0x14b0  W32Time - ok
21:41:05.0874 0x14b0  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:41:05.0874 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wacompen.sys. md5: 48DFEE8F1AF7C8235D4E626F0C4FE031, sha256: A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148
21:41:05.0906 0x14b0  WacomPen - detected LockedFile.Multi.Generic ( 1 )
21:41:08.0402 0x14b0  Detect skipped due to KSN trusted
21:41:08.0402 0x14b0  WacomPen - ok
21:41:08.0480 0x14b0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:41:08.0480 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 55201897378CCA7AF8B5EFD874374A26, sha256: 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC
21:41:08.0495 0x14b0  Wanarp - detected LockedFile.Multi.Generic ( 1 )
21:41:10.0991 0x14b0  Detect skipped due to KSN trusted
21:41:10.0991 0x14b0  Wanarp - ok
21:41:11.0007 0x14b0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:41:11.0007 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 55201897378CCA7AF8B5EFD874374A26, sha256: 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC
21:41:11.0022 0x14b0  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
21:41:11.0022 0x14b0  Detect skipped due to KSN trusted
21:41:11.0022 0x14b0  Wanarpv6 - ok
21:41:11.0147 0x14b0  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:41:11.0241 0x14b0  wcncsvc - ok
21:41:11.0288 0x14b0  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:41:11.0366 0x14b0  WcsPlugInService - ok
21:41:11.0412 0x14b0  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
21:41:11.0412 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wd.sys. md5: 78FE9542363F297B18C027B2D7E7C07F, sha256: 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE
21:41:11.0412 0x14b0  Wd - detected LockedFile.Multi.Generic ( 1 )
21:41:13.0815 0x14b0  Detect skipped due to KSN trusted
21:41:13.0815 0x14b0  Wd - ok
21:41:13.0908 0x14b0  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:41:13.0908 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 25944D2CC49E0A6C581D02A74B7D6645, sha256: AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE
21:41:13.0908 0x14b0  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
21:41:16.0482 0x14b0  Detect skipped due to KSN trusted
21:41:16.0482 0x14b0  Wdf01000 - ok
21:41:16.0545 0x14b0  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:41:16.0623 0x14b0  WdiServiceHost - ok
21:41:16.0654 0x14b0  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:41:16.0716 0x14b0  WdiSystemHost - ok
21:41:16.0794 0x14b0  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
21:41:16.0857 0x14b0  WebClient - ok
21:41:16.0919 0x14b0  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:41:16.0966 0x14b0  Wecsvc - ok
21:41:17.0013 0x14b0  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:41:17.0091 0x14b0  wercplsupport - ok
21:41:17.0153 0x14b0  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:41:17.0231 0x14b0  WerSvc - ok
21:41:17.0309 0x14b0  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:41:17.0356 0x14b0  WinDefend - ok
21:41:17.0418 0x14b0  WinHttpAutoProxySvc - ok
21:41:17.0512 0x14b0  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:41:17.0574 0x14b0  Winmgmt - ok
21:41:17.0730 0x14b0  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:41:17.0871 0x14b0  WinRM - ok
21:41:17.0980 0x14b0  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:41:18.0058 0x14b0  Wlansvc - ok
21:41:18.0120 0x14b0  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:41:18.0152 0x14b0  wlcrasvc - ok
21:41:18.0292 0x14b0  [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:41:18.0448 0x14b0  wlidsvc - ok
21:41:18.0510 0x14b0  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:41:18.0510 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: 2E7255D172DF0B8283CDFB7B433B864E, sha256: 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3
21:41:18.0542 0x14b0  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
21:41:24.0345 0x14b0  Detect skipped due to KSN trusted
21:41:24.0345 0x14b0  WmiAcpi - ok
21:41:24.0407 0x14b0  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:41:24.0470 0x14b0  wmiApSrv - ok
21:41:24.0610 0x14b0  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:41:24.0719 0x14b0  WMPNetworkSvc - ok
21:41:24.0766 0x14b0  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:41:24.0813 0x14b0  WPCSvc - ok
21:41:24.0875 0x14b0  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:41:24.0938 0x14b0  WPDBusEnum - ok
21:41:24.0984 0x14b0  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:41:24.0984 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wpdusb.sys. md5: DE9D36F91A4DF3D911626643DEBF11EA, sha256: 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0
21:41:25.0016 0x14b0  WpdUsb - detected LockedFile.Multi.Generic ( 1 )
21:41:31.0146 0x14b0  Detect skipped due to KSN trusted
21:41:31.0146 0x14b0  WpdUsb - ok
21:41:31.0302 0x14b0  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:41:31.0396 0x14b0  WPFFontCache_v0400 - ok
21:41:31.0458 0x14b0  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:41:31.0458 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: E3A3CB253C0EC2494D4A61F5E43A389C, sha256: 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79
21:41:31.0458 0x14b0  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
21:41:33.0939 0x14b0  Detect skipped due to KSN trusted
21:41:33.0939 0x14b0  ws2ifsl - ok
21:41:34.0001 0x14b0  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:41:34.0032 0x14b0  wscsvc - ok
21:41:34.0064 0x14b0  WSearch - ok
21:41:34.0251 0x14b0  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:41:34.0407 0x14b0  wuauserv - ok
21:41:34.0485 0x14b0  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:41:34.0485 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 06E6F32C8D0A3F66D956F57B43A2E070, sha256: 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943
21:41:34.0500 0x14b0  WudfPf - detected LockedFile.Multi.Generic ( 1 )
21:41:36.0981 0x14b0  Detect skipped due to KSN trusted
21:41:36.0981 0x14b0  WudfPf - ok
21:41:37.0059 0x14b0  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:41:37.0059 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 867C301E8B790040AE9CF6486E8041DF, sha256: D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855
21:41:37.0074 0x14b0  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
21:41:39.0742 0x14b0  Detect skipped due to KSN trusted
21:41:39.0742 0x14b0  WUDFRd - ok
21:41:39.0836 0x14b0  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:41:39.0882 0x14b0  wudfsvc - ok
21:41:39.0945 0x14b0  [ 04E268ADFC81964C49DC0C082D520F7E, 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
21:41:39.0945 0x14b0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\yk60x86.sys. md5: 04E268ADFC81964C49DC0C082D520F7E, sha256: 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179
21:41:39.0960 0x14b0  yukonwlh - detected LockedFile.Multi.Generic ( 1 )
21:41:42.0347 0x14b0  Detect skipped due to KSN trusted
21:41:42.0347 0x14b0  yukonwlh - ok
21:41:42.0363 0x14b0  ================ Scan global ===============================
21:41:42.0456 0x14b0  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
21:41:42.0503 0x14b0  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:41:42.0566 0x14b0  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
21:41:42.0628 0x14b0  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
21:41:42.0659 0x14b0  [ Global ] - ok
21:41:42.0659 0x14b0  ================ Scan MBR ==================================
21:41:42.0675 0x14b0  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
21:41:43.0236 0x14b0  \Device\Harddisk0\DR0 - ok
21:41:43.0236 0x14b0  ================ Scan VBR ==================================
21:41:43.0236 0x14b0  [ 5D77EC23D5B9726D32BBDD410C52A16F ] \Device\Harddisk0\DR0\Partition1
21:41:43.0299 0x14b0  \Device\Harddisk0\DR0\Partition1 - ok
21:41:43.0299 0x14b0  [ 0EA5D9D7F5E1938155CCDD3F71A836A2 ] \Device\Harddisk0\DR0\Partition2
21:41:43.0330 0x14b0  \Device\Harddisk0\DR0\Partition2 - ok
21:41:43.0330 0x14b0  ================ Scan generic autorun ======================
21:41:43.0439 0x14b0  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
21:41:43.0533 0x14b0  Windows Defender - ok
21:41:43.0876 0x14b0  [ EB57A9927A39EB86194D664E781633B7, 673F5A8D2ACFE11CAA95FBDDB4962445CCFBBBF3547DDFFB820A335F4F6B1D13 ] C:\Windows\RtHDVCpl.exe
21:41:44.0282 0x14b0  RtHDVCpl - ok
21:41:44.0375 0x14b0  [ A37B2AB33BFF3C6705DC2C016328DD2F, C6F14E81FD9001048B178576FA01A4F77BF3F0A05DE443EB6AAC4982EE763D69 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
21:41:44.0453 0x14b0  SynTPEnh - ok
21:41:44.0531 0x14b0  [ 82CC8F77E9EC61C6B4D48DD4D5CA78E7, 51F3072F9AB9C6B8FF62731834530870A517F3099D1E94E8E2F953484B7A04FE ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
21:41:44.0531 0x14b0  APSDaemon - ok
21:41:44.0578 0x14b0  [ 4AFFDCAADCB1DBBFFAF06C7F82E7F6FC, 8BAD14D327C60B4CBC00278802A5F6453D641EFC2EF97D90E7AB579758DF7FFC ] C:\Program Files\iTunes\iTunesHelper.exe
21:41:44.0625 0x14b0  iTunesHelper - ok
21:41:44.0750 0x14b0  [ 5374D3363F5B87CF03125F5FB584C8CE, 905C6F08A616A31566C7510EC4B0F02BA66E1928968343FB22ED37C4FB8BABDD ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
21:41:44.0812 0x14b0  avgnt - ok
21:41:44.0999 0x14b0  [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
21:41:45.0155 0x14b0  MailCheck IE Broker - ok
21:41:45.0264 0x14b0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:41:45.0420 0x14b0  Sidebar - ok
21:41:45.0436 0x14b0  WindowsWelcomeCenter - ok
21:41:45.0514 0x14b0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:41:45.0623 0x14b0  Sidebar - ok
21:41:45.0639 0x14b0  WindowsWelcomeCenter - ok
21:41:45.0686 0x14b0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
21:41:45.0764 0x14b0  Sidebar - ok
21:41:45.0920 0x14b0  [ 6DE8F3D91387412AC2E869FFA0F6ABA6, 68202B155995F14471377E1F0080916B31D6F99F7DA9E5E147399B2E1BA933CE ] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
21:41:46.0107 0x14b0  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
21:41:51.0910 0x14b0  Detect skipped due to KSN trusted
21:41:51.0910 0x14b0  LightScribe Control Panel - ok
21:41:52.0004 0x14b0  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
21:41:52.0035 0x14b0  ehTray.exe - ok
21:41:52.0097 0x14b0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:41:52.0206 0x14b0  Sidebar - ok
21:41:52.0206 0x14b0  WindowsWelcomeCenter - ok
21:41:52.0253 0x14b0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:41:52.0316 0x14b0  Sidebar - ok
21:41:52.0331 0x14b0  WindowsWelcomeCenter - ok
21:41:52.0362 0x14b0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:41:52.0440 0x14b0  Sidebar - ok
21:41:52.0456 0x14b0  WindowsWelcomeCenter - ok
21:41:52.0456 0x14b0  Waiting for KSN requests completion. In queue: 1
21:41:53.0470 0x14b0  Waiting for KSN requests completion. In queue: 1
21:41:54.0484 0x14b0  Waiting for KSN requests completion. In queue: 1
21:41:55.0576 0x14b0  Win FW state via NFP2: enabled
21:41:57.0994 0x14b0  ============================================================
21:41:57.0994 0x14b0  Scan finished
21:41:57.0994 0x14b0  ============================================================
21:41:58.0010 0x1964  Detected object count: 1
21:41:58.0010 0x1964  Actual detected object count: 1
22:00:22.0115 0x1964  ada747308081ce1 ( Rootkit.Win32.Necurs.gen ) - skipped by user
22:00:22.0115 0x1964  ada747308081ce1 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
22:00:50.0928 0x1824  Deinitialize success

schrauber · 29.06.2014, 12:27

Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

Drücke auf Start Scan.
Mache während dem Scan nichts am Rechner
Gehe sicher das Cure ( default ) angehackt ist !
Drücke Continue --> Reboot.

TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Jugi · 29.06.2014, 18:55

Hallöle.

TDSSkiller habe ich, wie du es gesagt hast, ausgeführt.

Nach dem Neustart gab es eine positive Überraschung: Avira, Windows Defender & Update haben sich wieder eingeschaltet.

Hier die Logfile, die nach dem Neustart gespeichert wurde.

Code:

ATTFilter

18:24:02.0553 0x142c  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
18:24:04.0675 0x142c  ============================================================
18:24:04.0675 0x142c  Current date / time: 2014/06/29 18:24:04.0675
18:24:04.0675 0x142c  SystemInfo:
18:24:04.0675 0x142c  
18:24:04.0675 0x142c  OS Version: 6.0.6002 ServicePack: 2.0
18:24:04.0675 0x142c  Product type: Workstation
18:24:04.0675 0x142c  ComputerName: KRISSI-PC
18:24:04.0675 0x142c  UserName: Krissi
18:24:04.0675 0x142c  Windows directory: C:\Windows
18:24:04.0675 0x142c  System windows directory: C:\Windows
18:24:04.0675 0x142c  Processor architecture: Intel x86
18:24:04.0675 0x142c  Number of processors: 2
18:24:04.0675 0x142c  Page size: 0x1000
18:24:04.0675 0x142c  Boot type: Normal boot
18:24:04.0675 0x142c  ============================================================
18:24:04.0675 0x142c  BG loaded
18:24:05.0127 0x142c  System UUID: {95EE4A72-C730-4E01-597F-4C0F2E707DF4}
18:24:06.0703 0x142c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:06.0703 0x142c  ============================================================
18:24:06.0703 0x142c  \Device\Harddisk0\DR0:
18:24:06.0703 0x142c  MBR partitions:
18:24:06.0703 0x142c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
18:24:06.0703 0x142c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
18:24:06.0703 0x142c  ============================================================
18:24:06.0843 0x142c  C: <-> \Device\Harddisk0\DR0\Partition1
18:24:06.0921 0x142c  D: <-> \Device\Harddisk0\DR0\Partition2
18:24:06.0921 0x142c  ============================================================
18:24:06.0921 0x142c  Initialize success
18:24:06.0921 0x142c  ============================================================
18:24:15.0349 0x13cc  Deinitialize success

schrauber · 30.06.2014, 13:19

Frischen Scan mit TDSSKIller und FRST machen, bitte beide Logs posten

Jugi · 30.06.2014, 19:43

Erledigt.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Krissi (administrator) on KRISSI-PC on 30-06-2014 20:34:56
Running from C:\Users\Krissi\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\ieconfig_1und1_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
(1&1 Mail & Media GmbH) C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcupdmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-381946461-3025875304-1193097581-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-381946461-3025875304-1193097581-1003\...\MountPoints2: {58c80f0a-4f5c-11de-a804-001377ad17b8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-381946461-3025875304-1193097581-1007\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: c:\progra~2\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll => c:\progra~2\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Krissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
ShortcutTarget: OpenOffice.org 3.0.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {91A5C496-4FD3-4E32-9DDF-CFAADE5DDEC3} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100722174826.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default
FF DefaultSearchEngine: Search the web (Babylon)
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Search the web (Babylon)
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - D:\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\bProtect.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\searchplugins\webde-suche.xml
FF Extension: No Name - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\staged [2012-09-08]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-25]
FF Extension: ICQ Toolbar - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-04-14]
FF Extension: ICQ Toolbar - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(131) [2012-01-08]
FF Extension: WEB.DE Toolbar - C:\Users\Krissi\AppData\Roaming\Mozilla\Firefox\Profiles\556kefvr.default\Extensions\toolbar@web.de.xpi [2011-05-11]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009-09-03]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2009-12-03]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-04-16]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-11-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010-12-24]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-03-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Krissi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2011-12-12]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-07-10] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [271480 2010-03-10] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [170144 2010-05-31] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [188136 2010-05-31] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [141792 2010-05-31] (McAfee, Inc.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-07-10] (Intel(R) Corporation) [File not signed]
R2 serviceIEConfig; C:\Windows\System32\ieconfig_1und1_svc.exe [1404008 2011-03-29] ()
S2 ffdshow manager; C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [X]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-15] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [55456 2010-05-31] (McAfee, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2007-05-23] (SAMSUNG ELECTRONICS CO., LTD.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-15] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [95568 2010-05-31] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [152320 2010-05-31] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [51688 2010-05-31] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [312616 2010-05-31] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [385880 2010-05-31] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64304 2010-05-31] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [83496 2010-05-31] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [160720 2010-05-31] (McAfee, Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-09-03] (Vimicro Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VMC302; System32\Drivers\VMC302.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 20:34 - 2014-06-30 20:34 - 00000000 ____D () C:\Users\Krissi\Desktop\FRST-OlderVersion
2014-06-29 18:39 - 2014-06-29 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-29 16:21 - 2014-06-29 16:21 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-27 21:23 - 2014-06-27 21:23 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Krissi\Desktop\tdsskiller.exe
2014-06-26 01:42 - 2014-06-26 01:42 - 00016360 _____ () C:\Users\Krissi\Desktop\OTL.zip
2014-06-26 01:41 - 2014-06-26 01:41 - 00001852 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-06-26 01:41 - 2014-06-26 01:41 - 00000000 ____D () C:\Users\Krissi\AppData\Local\WinZip
2014-06-26 01:40 - 2014-06-26 01:41 - 00000000 ____D () C:\ProgramData\WinZip
2014-06-26 01:40 - 2014-06-26 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-06-26 01:40 - 2014-06-26 01:40 - 00000000 ____D () C:\Program Files\WinZip
2014-06-26 00:36 - 2014-06-26 00:36 - 00001737 _____ () C:\Users\Krissi\Desktop\gmer.log
2014-06-26 00:15 - 2014-06-26 00:15 - 00051060 _____ () C:\Users\Krissi\Desktop\Extras.Txt
2014-06-26 00:12 - 2014-06-26 00:12 - 00149202 _____ () C:\Users\Krissi\Desktop\OTL.Txt
2014-06-26 00:00 - 2014-06-26 00:01 - 00031586 _____ () C:\Users\Krissi\Desktop\Addition.txt
2014-06-25 23:59 - 2014-06-30 20:35 - 00025316 _____ () C:\Users\Krissi\Desktop\FRST.txt
2014-06-25 23:59 - 2014-06-30 20:35 - 00000000 ____D () C:\FRST
2014-06-25 23:59 - 2014-06-25 23:59 - 00602112 _____ (OldTimer Tools) C:\Users\Krissi\Desktop\OTL.exe
2014-06-25 23:57 - 2014-06-25 23:57 - 00380416 _____ () C:\Users\Krissi\Desktop\Gmer-19357.exe
2014-06-25 23:54 - 2014-06-30 20:34 - 01073664 _____ (Farbar) C:\Users\Krissi\Desktop\FRST.exe
2014-06-25 23:37 - 2014-06-25 23:37 - 00003261 _____ () C:\Users\Krissi\Desktop\mbam.txt
2014-06-25 23:25 - 2014-06-25 23:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\11CE19DA.sys
2014-06-25 19:33 - 2014-06-25 19:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1F8F04E3.sys
2014-06-25 14:44 - 2014-06-25 14:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\xxqwcfsn.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 94714880 _____ (AVAST Software) C:\Users\Krissi\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-25 14:43 - 2014-06-25 14:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\pysdfqyd.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-25 14:01 - 2014-06-26 07:13 - 00000000 ____D () C:\Users\TEMP
2014-06-25 13:39 - 2014-06-25 13:39 - 05155328 _____ () C:\Users\Krissi\Downloads\windowsdefender1593dt.msi
2014-06-25 13:32 - 2014-06-25 13:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7B305B94.sys
2014-06-25 12:52 - 2014-06-25 12:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\10AC4DA0.sys
2014-06-25 12:51 - 2014-06-25 23:24 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-20 00:55 - 2014-06-24 20:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-20 00:54 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-15 21:58 - 2014-06-15 21:58 - 00000000 ____D () C:\Users\Krissi\AppData\Local\Adobe
2014-06-12 15:02 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 15:02 - 2014-04-05 05:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 15:02 - 2014-04-05 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-12 15:01 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 15:01 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 15:01 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 15:01 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 15:01 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 15:01 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 15:01 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 15:01 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 15:01 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 15:01 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 15:01 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 15:01 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 15:01 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 15:01 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 15:01 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 15:01 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 15:01 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 15:01 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-06-30 20:35 - 2014-06-25 23:59 - 00025316 _____ () C:\Users\Krissi\Desktop\FRST.txt
2014-06-30 20:35 - 2014-06-25 23:59 - 00000000 ____D () C:\FRST
2014-06-30 20:34 - 2014-06-30 20:34 - 00000000 ____D () C:\Users\Krissi\Desktop\FRST-OlderVersion
2014-06-30 20:34 - 2014-06-25 23:54 - 01073664 _____ (Farbar) C:\Users\Krissi\Desktop\FRST.exe
2014-06-30 20:33 - 2012-03-30 14:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 20:15 - 2010-01-07 17:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-30 19:59 - 2006-11-02 14:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 19:59 - 2006-11-02 14:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 19:55 - 2008-10-20 03:00 - 01179836 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 11:14 - 2010-01-07 17:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-29 18:43 - 2006-11-02 12:33 - 01567416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 18:39 - 2014-06-29 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-29 18:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 18:34 - 2008-10-10 04:51 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-29 18:34 - 2006-11-02 15:01 - 00032760 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-29 16:21 - 2014-06-29 16:21 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-06-29 00:31 - 2010-11-14 05:03 - 00000476 ____H () C:\Windows\Tasks\Norton Security Scan for Krissi.job
2014-06-28 12:39 - 2011-09-25 15:47 - 00004917 _____ () C:\Users\Krissi\Desktop\Aktuelles! + Bowling etc..txt
2014-06-27 21:23 - 2014-06-27 21:23 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Krissi\Desktop\tdsskiller.exe
2014-06-26 10:33 - 2012-10-21 23:59 - 00380436 _____ () C:\Windows\PFRO.log
2014-06-26 07:13 - 2014-06-25 14:01 - 00000000 ____D () C:\Users\TEMP
2014-06-26 07:10 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Web
2014-06-26 07:09 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\nap
2014-06-26 01:42 - 2014-06-26 01:42 - 00016360 _____ () C:\Users\Krissi\Desktop\OTL.zip
2014-06-26 01:41 - 2014-06-26 01:41 - 00001852 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-06-26 01:41 - 2014-06-26 01:41 - 00000000 ____D () C:\Users\Krissi\AppData\Local\WinZip
2014-06-26 01:41 - 2014-06-26 01:40 - 00000000 ____D () C:\ProgramData\WinZip
2014-06-26 01:41 - 2014-06-26 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-06-26 01:41 - 2008-12-29 16:44 - 00000000 ____D () C:\Users\Krissi
2014-06-26 01:40 - 2014-06-26 01:40 - 00000000 ____D () C:\Program Files\WinZip
2014-06-26 00:36 - 2014-06-26 00:36 - 00001737 _____ () C:\Users\Krissi\Desktop\gmer.log
2014-06-26 00:15 - 2014-06-26 00:15 - 00051060 _____ () C:\Users\Krissi\Desktop\Extras.Txt
2014-06-26 00:12 - 2014-06-26 00:12 - 00149202 _____ () C:\Users\Krissi\Desktop\OTL.Txt
2014-06-26 00:01 - 2014-06-26 00:00 - 00031586 _____ () C:\Users\Krissi\Desktop\Addition.txt
2014-06-25 23:59 - 2014-06-25 23:59 - 00602112 _____ (OldTimer Tools) C:\Users\Krissi\Desktop\OTL.exe
2014-06-25 23:57 - 2014-06-25 23:57 - 00380416 _____ () C:\Users\Krissi\Desktop\Gmer-19357.exe
2014-06-25 23:37 - 2014-06-25 23:37 - 00003261 _____ () C:\Users\Krissi\Desktop\mbam.txt
2014-06-25 23:25 - 2014-06-25 23:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\11CE19DA.sys
2014-06-25 23:24 - 2014-06-25 12:51 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-06-25 19:33 - 2014-06-25 19:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1F8F04E3.sys
2014-06-25 14:44 - 2014-06-25 14:44 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\xxqwcfsn.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 94714880 _____ (AVAST Software) C:\Users\Krissi\Downloads\avast_free_antivirus_setup_21514.exe
2014-06-25 14:43 - 2014-06-25 14:43 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\pysdfqyd.sys
2014-06-25 14:43 - 2014-06-25 14:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-06-25 13:57 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Help
2014-06-25 13:39 - 2014-06-25 13:39 - 05155328 _____ () C:\Users\Krissi\Downloads\windowsdefender1593dt.msi
2014-06-25 13:32 - 2014-06-25 13:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7B305B94.sys
2014-06-25 13:29 - 2014-03-23 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-25 13:29 - 2014-03-23 15:24 - 00000000 ____D () C:\ProgramData\Avira
2014-06-25 13:29 - 2014-03-23 15:24 - 00000000 ____D () C:\Program Files\Avira
2014-06-25 13:15 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-06-25 12:52 - 2014-06-25 12:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\10AC4DA0.sys
2014-06-24 20:00 - 2014-06-20 00:55 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 23:48 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\MSAgent
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2014-06-20 00:54 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-20 00:54 - 2012-10-20 18:57 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-20 00:54 - 2012-10-20 18:57 - 00000000 ____D () C:\Users\Krissi\AppData\Roaming\Malwarebytes
2014-06-20 00:54 - 2012-10-20 18:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-20 00:54 - 2012-10-20 18:57 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-15 21:58 - 2014-06-15 21:58 - 00000000 ____D () C:\Users\Krissi\AppData\Local\Adobe
2014-06-13 12:41 - 2012-03-30 14:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-13 12:41 - 2011-05-18 18:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-13 03:06 - 2013-07-12 01:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 03:03 - 2006-11-02 12:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Krissi\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 18:42

==================== End Of Log ============================

--- --- ---

--- --- ---

Jugi · 30.06.2014, 19:45

und noch TDSSKiller:

Code:

ATTFilter

20:32:31.0250 0x2360  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
20:32:33.0418 0x2360  ============================================================
20:32:33.0418 0x2360  Current date / time: 2014/06/30 20:32:33.0418
20:32:33.0418 0x2360  SystemInfo:
20:32:33.0418 0x2360  
20:32:33.0418 0x2360  OS Version: 6.0.6002 ServicePack: 2.0
20:32:33.0418 0x2360  Product type: Workstation
20:32:33.0418 0x2360  ComputerName: KRISSI-PC
20:32:33.0418 0x2360  UserName: Krissi
20:32:33.0418 0x2360  Windows directory: C:\Windows
20:32:33.0418 0x2360  System windows directory: C:\Windows
20:32:33.0418 0x2360  Processor architecture: Intel x86
20:32:33.0418 0x2360  Number of processors: 2
20:32:33.0418 0x2360  Page size: 0x1000
20:32:33.0418 0x2360  Boot type: Normal boot
20:32:33.0418 0x2360  ============================================================
20:32:34.0104 0x2360  KLMD registered as C:\Windows\system32\drivers\96185044.sys
20:32:34.0292 0x2360  System UUID: {95EE4A72-C730-4E01-597F-4C0F2E707DF4}
20:32:35.0040 0x2360  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:32:35.0118 0x2360  ============================================================
20:32:35.0118 0x2360  \Device\Harddisk0\DR0:
20:32:35.0118 0x2360  MBR partitions:
20:32:35.0118 0x2360  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
20:32:35.0118 0x2360  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
20:32:35.0118 0x2360  ============================================================
20:32:35.0181 0x2360  C: <-> \Device\Harddisk0\DR0\Partition1
20:32:35.0524 0x2360  D: <-> \Device\Harddisk0\DR0\Partition2
20:32:35.0524 0x2360  ============================================================
20:32:35.0524 0x2360  Initialize success
20:32:35.0524 0x2360  ============================================================
20:32:49.0720 0x1c74  ============================================================
20:32:49.0720 0x1c74  Scan started
20:32:49.0720 0x1c74  Mode: Manual; SigCheck; TDLFS; 
20:32:49.0720 0x1c74  ============================================================
20:32:49.0720 0x1c74  KSN ping started
20:32:52.0434 0x1c74  KSN ping finished: true
20:32:53.0199 0x1c74  ================ Scan system memory ========================
20:32:53.0199 0x1c74  System memory - ok
20:32:53.0214 0x1c74  ================ Scan services =============================
20:32:53.0916 0x1c74  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:32:54.0072 0x1c74  ACPI - ok
20:32:54.0197 0x1c74  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:32:54.0213 0x1c74  AdobeARMservice - ok
20:32:54.0322 0x1c74  [ B5D8DE922237CEDDC7992297654A4BE4, 88EF0B5EBFB383C9069A29AEA8D76EDBE1E70DD6F7C18970EE01ECAE9F408B38 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:32:54.0338 0x1c74  AdobeFlashPlayerUpdateSvc - ok
20:32:54.0634 0x1c74  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:32:54.0696 0x1c74  adp94xx - ok
20:32:54.0743 0x1c74  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:32:54.0790 0x1c74  adpahci - ok
20:32:54.0821 0x1c74  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:32:54.0837 0x1c74  adpu160m - ok
20:32:54.0884 0x1c74  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:32:54.0915 0x1c74  adpu320 - ok
20:32:54.0977 0x1c74  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:32:55.0118 0x1c74  AeLookupSvc - ok
20:32:55.0164 0x1c74  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
20:32:55.0275 0x1c74  AFD - ok
20:32:55.0368 0x1c74  [ CE91B158FA490CF4C4D487A4130F4660, C343AEB125B15E6FC8428499E1C48390EF5073FACB0DC9BAB9040EFB170D04A5 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
20:32:55.0587 0x1c74  AgereSoftModem - ok
20:32:55.0633 0x1c74  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:32:55.0665 0x1c74  agp440 - ok
20:32:55.0696 0x1c74  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:32:55.0727 0x1c74  aic78xx - ok
20:32:55.0743 0x1c74  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
20:32:55.0883 0x1c74  ALG - ok
20:32:55.0899 0x1c74  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
20:32:55.0930 0x1c74  aliide - ok
20:32:55.0945 0x1c74  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:32:55.0977 0x1c74  amdagp - ok
20:32:55.0992 0x1c74  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
20:32:56.0023 0x1c74  amdide - ok
20:32:56.0055 0x1c74  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:32:56.0101 0x1c74  AmdK7 - ok
20:32:56.0117 0x1c74  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:32:56.0164 0x1c74  AmdK8 - ok
20:32:56.0602 0x1c74  [ 0BF3BE441B226D018767C28F92830D34, F4737DB09D2CDF1AD3516711E6A7B230D02630D7A7481CCAD046D99AF165CA23 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:32:56.0664 0x1c74  AntiVirSchedulerService - ok
20:32:56.0742 0x1c74  [ 0BF3BE441B226D018767C28F92830D34, F4737DB09D2CDF1AD3516711E6A7B230D02630D7A7481CCAD046D99AF165CA23 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:32:56.0773 0x1c74  AntiVirService - ok
20:32:56.0836 0x1c74  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
20:32:56.0898 0x1c74  Appinfo - ok
20:32:57.0132 0x1c74  [ A5299D04ED225D64CF07A568A3E1BF8C, 6F7E73893127BADC8C9815E9BCC0EB5F6584E254D0D09A0B6A680704C71E0A90 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:32:57.0148 0x1c74  Apple Mobile Device - ok
20:32:57.0210 0x1c74  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
20:32:57.0241 0x1c74  arc - ok
20:32:57.0272 0x1c74  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:32:57.0304 0x1c74  arcsas - ok
20:32:57.0413 0x1c74  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:32:57.0444 0x1c74  aspnet_state - ok
20:32:57.0553 0x1c74  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:32:57.0647 0x1c74  AsyncMac - ok
20:32:57.0662 0x1c74  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:32:57.0678 0x1c74  atapi - ok
20:32:57.0772 0x1c74  [ F32FEE7CB2EE32C1F808409BC8019701, 4EB9C8388BC27EA0EEFAD8F6C7C62310832D8B13F0EE5D6667F37E6FC1D46794 ] athr            C:\Windows\system32\DRIVERS\athr.sys
20:32:57.0990 0x1c74  athr - ok
20:32:58.0208 0x1c74  [ F0D933B42CD0594048E4D5200AE9E417, FF53E843A99948568515964C3C97107FA875BBC3F2906BADEE0B29ACE5532F0D ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
20:32:58.0271 0x1c74  atksgt - ok
20:32:58.0302 0x1c74  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:32:58.0349 0x1c74  AudioEndpointBuilder - ok
20:32:58.0396 0x1c74  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:32:58.0427 0x1c74  Audiosrv - ok
20:32:58.0832 0x1c74  [ 06740B4CA398D0D00A49CB1D22FC2BC3, CCE1A4D7C24124687324FB904BADA3E289472FA4C0594031952F5F4577322AE0 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:32:58.0864 0x1c74  avgntflt - ok
20:32:58.0973 0x1c74  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:32:59.0004 0x1c74  avipbb - ok
20:32:59.0176 0x1c74  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:32:59.0191 0x1c74  avkmgr - ok
20:32:59.0254 0x1c74  [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:32:59.0456 0x1c74  bcm4sbxp - ok
20:32:59.0472 0x1c74  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:32:59.0534 0x1c74  Beep - ok
20:32:59.0597 0x1c74  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
20:32:59.0675 0x1c74  BFE - ok
20:32:59.0753 0x1c74  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
20:32:59.0940 0x1c74  BITS - ok
20:32:59.0987 0x1c74  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:33:00.0034 0x1c74  blbdrive - ok
20:33:00.0252 0x1c74  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:33:00.0283 0x1c74  Bonjour Service - ok
20:33:00.0314 0x1c74  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:33:00.0377 0x1c74  bowser - ok
20:33:00.0408 0x1c74  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:33:00.0455 0x1c74  BrFiltLo - ok
20:33:00.0502 0x1c74  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:33:00.0548 0x1c74  BrFiltUp - ok
20:33:00.0595 0x1c74  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
20:33:00.0673 0x1c74  Browser - ok
20:33:00.0704 0x1c74  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:33:00.0782 0x1c74  Brserid - ok
20:33:00.0814 0x1c74  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:33:00.0907 0x1c74  BrSerWdm - ok
20:33:01.0110 0x1c74  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:33:01.0204 0x1c74  BrUsbMdm - ok
20:33:01.0235 0x1c74  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:33:01.0297 0x1c74  BrUsbSer - ok
20:33:01.0531 0x1c74  [ DA7B195275BDA7F8FCF79B40E0F45DDE, 1346E9221FD6A1DA27F0BC4F3CF5AFA60B3419931B32468107028BCD4232A708 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
20:33:01.0609 0x1c74  BthEnum - ok
20:33:01.0625 0x1c74  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:33:01.0718 0x1c74  BTHMODEM - ok
20:33:01.0734 0x1c74  [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:33:01.0812 0x1c74  BthPan - ok
20:33:01.0843 0x1c74  [ 73D53F8E90550BA81E2CF44A0873B410, 2E73A2FCF668F1F18928A293A74370BF3D6DC0208D010D10FD5335DFA3706906 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
20:33:01.0906 0x1c74  BTHPORT - ok
20:33:01.0952 0x1c74  [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ         C:\Windows\System32\bthserv.dll
20:33:02.0015 0x1c74  BthServ - ok
20:33:02.0046 0x1c74  [ 32045A4BB143BBC5BAB1298C4E9E309A, 4009AE2D186746E076CF254FD3653AA4B07182521B772CF2825A3BBDEF4288FB ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
20:33:02.0093 0x1c74  BTHUSB - ok
20:33:02.0140 0x1c74  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1, 4AF75222BF49EBFA93C98DF206D715DFE2B5EB742BDE06622256F628A756AAD6 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
20:33:02.0171 0x1c74  btwaudio - ok
20:33:02.0186 0x1c74  [ 195872E48A7FB01F8BC9B800F70F4054, 5F37D7CE44F00791241911BA1E77AD5DAD22C08584F19367BBE27BBFA3484616 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
20:33:02.0218 0x1c74  btwavdt - ok
20:33:02.0218 0x1c74  [ 0724E7D6C9B6A289EDDDA33FA8176E80, 836BFED3A4A374AB1C699D950D87A0709F529FD65B860890699584640490DBE8 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
20:33:02.0249 0x1c74  btwrchid - ok
20:33:02.0296 0x1c74  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:33:02.0358 0x1c74  cdfs - ok
20:33:02.0389 0x1c74  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:33:02.0452 0x1c74  cdrom - ok
20:33:02.0483 0x1c74  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
20:33:02.0561 0x1c74  CertPropSvc - ok
20:33:02.0608 0x1c74  [ 44E4A7DDED054DD55AE995C3AED719AE, 4AEC662B6C024569B6E9FA56EF1F941779019940908E35B054AD3421AA448385 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
20:33:02.0623 0x1c74  cfwids - ok
20:33:02.0654 0x1c74  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:33:02.0701 0x1c74  circlass - ok
20:33:02.0764 0x1c74  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
20:33:02.0810 0x1c74  CLFS - ok
20:33:02.0998 0x1c74  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:33:03.0029 0x1c74  clr_optimization_v2.0.50727_32 - ok
20:33:03.0060 0x1c74  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:33:03.0107 0x1c74  clr_optimization_v4.0.30319_32 - ok
20:33:03.0138 0x1c74  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:33:03.0200 0x1c74  CmBatt - ok
20:33:03.0232 0x1c74  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:33:03.0247 0x1c74  cmdide - ok
20:33:03.0263 0x1c74  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:33:03.0294 0x1c74  Compbatt - ok
20:33:03.0294 0x1c74  COMSysApp - ok
20:33:03.0325 0x1c74  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:33:03.0356 0x1c74  crcdisk - ok
20:33:03.0388 0x1c74  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:33:03.0450 0x1c74  Crusoe - ok
20:33:03.0528 0x1c74  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:33:03.0575 0x1c74  CryptSvc - ok
20:33:03.0637 0x1c74  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:33:03.0746 0x1c74  DcomLaunch - ok
20:33:03.0778 0x1c74  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:33:03.0996 0x1c74  DfsC - ok
20:33:04.0105 0x1c74  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
20:33:04.0324 0x1c74  DFSR - ok
20:33:04.0370 0x1c74  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:33:04.0433 0x1c74  Dhcp - ok
20:33:04.0464 0x1c74  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
20:33:04.0495 0x1c74  disk - ok
20:33:04.0542 0x1c74  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:33:04.0636 0x1c74  Dnscache - ok
20:33:04.0682 0x1c74  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
20:33:04.0745 0x1c74  dot3svc - ok
20:33:04.0792 0x1c74  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
20:33:04.0870 0x1c74  DPS - ok
20:33:04.0916 0x1c74  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:33:04.0979 0x1c74  drmkaud - ok
20:33:05.0041 0x1c74  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:33:05.0104 0x1c74  DXGKrnl - ok
20:33:05.0150 0x1c74  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:33:05.0197 0x1c74  E1G60 - ok
20:33:05.0244 0x1c74  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
20:33:05.0291 0x1c74  EapHost - ok
20:33:05.0338 0x1c74  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:33:05.0369 0x1c74  Ecache - ok
20:33:05.0447 0x1c74  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:33:05.0525 0x1c74  ehRecvr - ok
20:33:05.0556 0x1c74  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
20:33:05.0603 0x1c74  ehSched - ok
20:33:05.0618 0x1c74  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
20:33:05.0665 0x1c74  ehstart - ok
20:33:05.0712 0x1c74  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:33:05.0759 0x1c74  elxstor - ok
20:33:05.0821 0x1c74  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:33:05.0930 0x1c74  EMDMgmt - ok
20:33:05.0946 0x1c74  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:33:06.0008 0x1c74  ErrDev - ok
20:33:06.0040 0x1c74  esgiguard - ok
20:33:06.0102 0x1c74  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
20:33:06.0149 0x1c74  EventSystem - ok
20:33:06.0258 0x1c74  [ 2D41D7250F73272946DE04FF7A19761E, 2688B19CB7048068D5C3CC27B7D8A88FAAF5D5BCD5DA017259C78FD47CCEF958 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:33:06.0367 0x1c74  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
20:33:08.0848 0x1c74  Detect skipped due to KSN trusted
20:33:08.0848 0x1c74  EvtEng - ok
20:33:08.0910 0x1c74  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:33:09.0004 0x1c74  exfat - ok
20:33:09.0050 0x1c74  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:33:09.0097 0x1c74  fastfat - ok
20:33:09.0144 0x1c74  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:33:09.0191 0x1c74  fdc - ok
20:33:09.0222 0x1c74  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
20:33:09.0269 0x1c74  fdPHost - ok
20:33:09.0378 0x1c74  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:33:09.0440 0x1c74  FDResPub - ok
20:33:09.0596 0x1c74  ffdshow manager - ok
20:33:09.0612 0x1c74  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:33:09.0643 0x1c74  FileInfo - ok
20:33:09.0674 0x1c74  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:33:09.0737 0x1c74  Filetrace - ok
20:33:09.0768 0x1c74  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:33:09.0815 0x1c74  flpydisk - ok
20:33:09.0846 0x1c74  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:33:09.0862 0x1c74  FltMgr - ok
20:33:09.0955 0x1c74  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
20:33:10.0127 0x1c74  FontCache - ok
20:33:10.0361 0x1c74  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:33:10.0392 0x1c74  FontCache3.0.0.0 - ok
20:33:10.0439 0x1c74  [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:33:10.0454 0x1c74  fssfltr - ok
20:33:10.0829 0x1c74  [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:33:11.0016 0x1c74  fsssvc - ok
20:33:11.0063 0x1c74  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:33:11.0156 0x1c74  Fs_Rec - ok
20:33:11.0188 0x1c74  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:33:11.0203 0x1c74  gagp30kx - ok
20:33:11.0312 0x1c74  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:33:11.0344 0x1c74  GEARAspiWDM - ok
20:33:11.0390 0x1c74  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
20:33:11.0516 0x1c74  gpsvc - ok
20:33:11.0579 0x1c74  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:33:11.0594 0x1c74  gupdate - ok
20:33:11.0610 0x1c74  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:33:11.0625 0x1c74  gupdatem - ok
20:33:11.0672 0x1c74  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:33:11.0797 0x1c74  HdAudAddService - ok
20:33:11.0859 0x1c74  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:33:12.0031 0x1c74  HDAudBus - ok
20:33:12.0047 0x1c74  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:33:12.0125 0x1c74  HidBth - ok
20:33:12.0405 0x1c74  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:33:12.0468 0x1c74  HidIr - ok
20:33:12.0515 0x1c74  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
20:33:12.0561 0x1c74  hidserv - ok
20:33:12.0593 0x1c74  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:33:12.0655 0x1c74  HidUsb - ok
20:33:12.0702 0x1c74  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:33:12.0749 0x1c74  hkmsvc - ok
20:33:12.0795 0x1c74  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:33:12.0811 0x1c74  HpCISSs - ok
20:33:12.0905 0x1c74  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:33:13.0029 0x1c74  HTTP - ok
20:33:13.0045 0x1c74  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:33:13.0076 0x1c74  i2omp - ok
20:33:13.0092 0x1c74  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:33:13.0154 0x1c74  i8042prt - ok
20:33:13.0232 0x1c74  [ 496DB78E6A0C4C44023D9A92B4A7AC31, 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
20:33:13.0419 0x1c74  ialm - ok
20:33:13.0482 0x1c74  [ ABFEBC5F846C71AFEBD7F8F6BA740C03, 3BD7EA27EC21A7A9BE544A11E5A284DF00FFB3E2554DDBE113802153D62DFDEF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:33:13.0497 0x1c74  iaStor - ok
20:33:13.0529 0x1c74  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:33:13.0575 0x1c74  iaStorV - ok
20:33:13.0653 0x1c74  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:33:13.0778 0x1c74  idsvc - ok
20:33:13.0809 0x1c74  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:33:13.0841 0x1c74  iirsp - ok
20:33:13.0887 0x1c74  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:33:13.0950 0x1c74  IKEEXT - ok
20:33:14.0075 0x1c74  [ FFD2B3BC042596ABE785D3C15F51AB46, C2CA6E15FE95ADE211325CA907FBC213DB3B5E871DBD22CC485837FAB4E9BCEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:33:14.0277 0x1c74  IntcAzAudAddService - ok
20:33:14.0324 0x1c74  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
20:33:14.0355 0x1c74  intelide - ok
20:33:14.0371 0x1c74  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:33:14.0433 0x1c74  intelppm - ok
20:33:14.0480 0x1c74  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:33:14.0543 0x1c74  IPBusEnum - ok
20:33:14.0558 0x1c74  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:33:14.0621 0x1c74  IpFilterDriver - ok
20:33:14.0683 0x1c74  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:33:14.0777 0x1c74  iphlpsvc - ok
20:33:14.0777 0x1c74  IpInIp - ok
20:33:14.0792 0x1c74  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:33:14.0839 0x1c74  IPMIDRV - ok
20:33:14.0870 0x1c74  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:33:14.0917 0x1c74  IPNAT - ok
20:33:15.0011 0x1c74  [ BC0EA61246F8D940FBC5F652D337D6BD, BF018317631937EED13136608831F526BE34AF7E59FEF4863E3EDD205C02E1A7 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:33:15.0073 0x1c74  iPod Service - ok
20:33:15.0104 0x1c74  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:33:15.0151 0x1c74  IRENUM - ok
20:33:15.0167 0x1c74  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:33:15.0198 0x1c74  isapnp - ok
20:33:15.0245 0x1c74  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:33:15.0291 0x1c74  iScsiPrt - ok
20:33:15.0323 0x1c74  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:33:15.0338 0x1c74  iteatapi - ok
20:33:15.0354 0x1c74  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:33:15.0385 0x1c74  iteraid - ok
20:33:15.0416 0x1c74  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:33:15.0447 0x1c74  kbdclass - ok
20:33:15.0479 0x1c74  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:33:15.0525 0x1c74  kbdhid - ok
20:33:15.0557 0x1c74  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
20:33:15.0635 0x1c74  KeyIso - ok
20:33:15.0666 0x1c74  [ EBC507F129DF8F0E0CA270DCFC0CF87F, 232E2C4118A3177019E111E23D02F669338AE251308DE9BEDE3869C1208D7F0B ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
20:33:15.0697 0x1c74  KMDFMEMIO - ok
20:33:15.0744 0x1c74  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A, 573681387B27FB2C8DC6612474B9BB8631F6CD3CED29AEBF91992606875724D2 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:33:15.0806 0x1c74  KMWDFILTER - ok
20:33:15.0853 0x1c74  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:33:15.0900 0x1c74  KSecDD - ok
20:33:15.0947 0x1c74  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:33:16.0040 0x1c74  KtmRm - ok
20:33:16.0087 0x1c74  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:33:16.0165 0x1c74  LanmanServer - ok
20:33:16.0196 0x1c74  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:33:16.0259 0x1c74  LanmanWorkstation - ok
20:33:16.0321 0x1c74  [ C215E09622118383B236DD56C2065183, AF5F7C8806BF9C203DB8AD9DA2062E31FF9A2282B5FE1222A3B9DEEB435EBAB4 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:33:16.0337 0x1c74  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
20:33:18.0723 0x1c74  Detect skipped due to KSN trusted
20:33:18.0723 0x1c74  LightScribeService - ok
20:33:18.0786 0x1c74  [ F8A7212D0864EF5E9185FB95E6623F4D, 277EAA06BD3D1CB31E6CD7B9ECD3A4B7D4AB7A369DB5FFF04EC7D749DF26E3D2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
20:33:18.0801 0x1c74  lirsgt - ok
20:33:18.0848 0x1c74  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:33:18.0879 0x1c74  lltdio - ok
20:33:18.0926 0x1c74  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:33:18.0973 0x1c74  lltdsvc - ok
20:33:18.0989 0x1c74  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:33:19.0067 0x1c74  lmhosts - ok
20:33:19.0082 0x1c74  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:33:19.0113 0x1c74  LSI_FC - ok
20:33:19.0129 0x1c74  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:33:19.0160 0x1c74  LSI_SAS - ok
20:33:19.0191 0x1c74  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:33:19.0223 0x1c74  LSI_SCSI - ok
20:33:19.0238 0x1c74  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:33:19.0285 0x1c74  luafv - ok
20:33:19.0363 0x1c74  [ B26A3EA976E6FD5C03C65F6E5824AD7C, CBEFC3C62E0328C347AC6A4FAF42979AC4E0E6E5EE9DEAE605B0C7E60F297696 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:33:19.0394 0x1c74  mcmscsvc - ok
20:33:19.0425 0x1c74  [ B26A3EA976E6FD5C03C65F6E5824AD7C, CBEFC3C62E0328C347AC6A4FAF42979AC4E0E6E5EE9DEAE605B0C7E60F297696 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:33:19.0457 0x1c74  McNASvc - ok
20:33:19.0472 0x1c74  [ B26A3EA976E6FD5C03C65F6E5824AD7C, CBEFC3C62E0328C347AC6A4FAF42979AC4E0E6E5EE9DEAE605B0C7E60F297696 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:33:19.0488 0x1c74  McProxy - ok
20:33:19.0519 0x1c74  [ 861255C3ED2ACE9DF92ED10A6A174BAC, 41716C4CFA286A78308180BF08F81F24F4EAB968CAD679F379D1B8242ECB824C ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:33:19.0550 0x1c74  McShield - ok
20:33:19.0581 0x1c74  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:33:19.0613 0x1c74  Mcx2Svc - ok
20:33:19.0628 0x1c74  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
20:33:19.0644 0x1c74  megasas - ok
20:33:19.0691 0x1c74  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:33:19.0737 0x1c74  MegaSR - ok
20:33:19.0769 0x1c74  [ B77E959E1C50D3E3A9D9EF423BE62E09, 03BC07178E8251C6BD5EE04074555847CC712F28467F77D87AB44FA0BD5F501F ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
20:33:19.0800 0x1c74  mfeapfk - ok
20:33:19.0847 0x1c74  [ E84596FCB591117F5597498A5F82AD97, 2746C6F874F9BDCC4F86A3BEFD8065966A6C755835AB06BAABE04904EA17A880 ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
20:33:19.0878 0x1c74  mfeavfk - ok
20:33:19.0893 0x1c74  [ D40CE01E2D3FE0C079CD2D6B3E4B823B, C257B3A74EF5BA4A066841B2424A26A4C607F2E4F33456EB76AB6B68781F6FC1 ] mfebopk         C:\Windows\system32\drivers\mfebopk.sys
20:33:19.0909 0x1c74  mfebopk - ok
20:33:19.0956 0x1c74  [ E96F9CF4F8D244FDD5181FE90826E28F, 3A9789A44FCB5162F2A1846308EBE19C823C64EE97A07041C5AB0486C8F5EDB9 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:33:19.0971 0x1c74  mfefire - ok
20:33:20.0018 0x1c74  [ 3962C6A9E35C4319DCDAB0497614FD69, 60590AF645ACC96C1EC7FCBE7E35A54AAD3AA708F2FA57202F9ED3A50CEDE1E4 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
20:33:20.0065 0x1c74  mfefirek - ok
20:33:20.0112 0x1c74  [ E7ECF7872BF8F2897AE5A696D908C2F7, ED0B11F0A261BF30039BE506EFC472083FEA6EBEC334036545AB359DFA8E6A4B ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
20:33:20.0159 0x1c74  mfehidk - ok
20:33:20.0190 0x1c74  [ 738EA065C00112C46A64ECF7F6D81902, E2E9473FC26A9AB4A907B79196EFDD474EFFA833BCE23CCEEE3817851FE7B17D ] mfenlfk         C:\Windows\system32\DRIVERS\mfenlfk.sys
20:33:20.0221 0x1c74  mfenlfk - ok
20:33:20.0268 0x1c74  [ E411594AC94BAEF7F8EA991CC8F47FD1, 2E4432DAD9B24FEF9455D51F005E5875FCD786BBB95BECDEED7D512A22757435 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
20:33:20.0283 0x1c74  mferkdet - ok
20:33:20.0330 0x1c74  [ B0E1CE9ED1E5EA5642EB6602016B70CC, 3809481DB4FF5D674FD1577BFABA5349C17115DE4CAD6601C99A554577DD841A ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
20:33:20.0361 0x1c74  mfevtp - ok
20:33:20.0377 0x1c74  [ 53ED75F57E87831D3651FF32CB3D5648, D7CD64FB31311C1C46A4AF8B273EBBC10622124AE803CE4A87D218BF51C2D7AA ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
20:33:20.0408 0x1c74  mfewfpk - ok
20:33:20.0439 0x1c74  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
20:33:20.0502 0x1c74  MMCSS - ok
20:33:20.0517 0x1c74  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
20:33:20.0595 0x1c74  Modem - ok
20:33:20.0627 0x1c74  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:33:20.0673 0x1c74  monitor - ok
20:33:20.0720 0x1c74  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:33:20.0736 0x1c74  mouclass - ok
20:33:20.0767 0x1c74  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:33:20.0798 0x1c74  mouhid - ok
20:33:20.0814 0x1c74  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:33:20.0845 0x1c74  MountMgr - ok
20:33:20.0876 0x1c74  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:33:20.0892 0x1c74  mpio - ok
20:33:20.0923 0x1c74  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:33:20.0954 0x1c74  mpsdrv - ok
20:33:21.0001 0x1c74  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:33:21.0079 0x1c74  MpsSvc - ok
20:33:21.0110 0x1c74  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:33:21.0141 0x1c74  Mraid35x - ok
20:33:21.0173 0x1c74  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:33:21.0235 0x1c74  MRxDAV - ok
20:33:21.0266 0x1c74  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:33:21.0344 0x1c74  mrxsmb - ok
20:33:21.0391 0x1c74  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:33:21.0469 0x1c74  mrxsmb10 - ok
20:33:21.0500 0x1c74  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:33:21.0531 0x1c74  mrxsmb20 - ok
20:33:21.0578 0x1c74  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:33:21.0594 0x1c74  msahci - ok
20:33:21.0625 0x1c74  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:33:21.0656 0x1c74  msdsm - ok
20:33:21.0672 0x1c74  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
20:33:21.0750 0x1c74  MSDTC - ok
20:33:21.0781 0x1c74  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:33:21.0843 0x1c74  Msfs - ok
20:33:21.0859 0x1c74  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:33:21.0890 0x1c74  msisadrv - ok
20:33:21.0937 0x1c74  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:33:21.0999 0x1c74  MSiSCSI - ok
20:33:22.0015 0x1c74  msiserver - ok
20:33:22.0031 0x1c74  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:33:22.0077 0x1c74  MSKSSRV - ok
20:33:22.0093 0x1c74  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:33:22.0140 0x1c74  MSPCLOCK - ok
20:33:22.0155 0x1c74  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:33:22.0218 0x1c74  MSPQM - ok
20:33:22.0265 0x1c74  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:33:22.0296 0x1c74  MsRPC - ok
20:33:22.0327 0x1c74  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:33:22.0358 0x1c74  mssmbios - ok
20:33:22.0374 0x1c74  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:33:22.0436 0x1c74  MSTEE - ok
20:33:22.0467 0x1c74  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:33:22.0499 0x1c74  Mup - ok
20:33:22.0545 0x1c74  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
20:33:22.0608 0x1c74  napagent - ok
20:33:22.0655 0x1c74  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:33:22.0701 0x1c74  NativeWifiP - ok
20:33:22.0764 0x1c74  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:33:22.0842 0x1c74  NDIS - ok
20:33:22.0873 0x1c74  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:33:22.0935 0x1c74  NdisTapi - ok
20:33:22.0951 0x1c74  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:33:22.0998 0x1c74  Ndisuio - ok
20:33:23.0045 0x1c74  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:33:23.0091 0x1c74  NdisWan - ok
20:33:23.0107 0x1c74  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:33:23.0138 0x1c74  NDProxy - ok
20:33:23.0169 0x1c74  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:33:23.0216 0x1c74  NetBIOS - ok
20:33:23.0263 0x1c74  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:33:23.0310 0x1c74  netbt - ok
20:33:23.0325 0x1c74  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
20:33:23.0357 0x1c74  Netlogon - ok
20:33:23.0403 0x1c74  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
20:33:23.0466 0x1c74  Netman - ok
20:33:23.0513 0x1c74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:33:23.0528 0x1c74  NetMsmqActivator - ok
20:33:23.0559 0x1c74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:33:23.0575 0x1c74  NetPipeActivator - ok
20:33:23.0606 0x1c74  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
20:33:23.0653 0x1c74  netprofm - ok
20:33:23.0669 0x1c74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:33:23.0700 0x1c74  NetTcpActivator - ok
20:33:23.0700 0x1c74  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:33:23.0731 0x1c74  NetTcpPortSharing - ok
20:33:23.0871 0x1c74  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
20:33:24.0074 0x1c74  NETw3v32 - ok
20:33:24.0121 0x1c74  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:33:24.0137 0x1c74  nfrd960 - ok
20:33:24.0168 0x1c74  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:33:24.0230 0x1c74  NlaSvc - ok
20:33:24.0277 0x1c74  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:33:24.0324 0x1c74  Npfs - ok
20:33:24.0355 0x1c74  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
20:33:24.0386 0x1c74  nsi - ok
20:33:24.0417 0x1c74  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:33:24.0464 0x1c74  nsiproxy - ok
20:33:24.0558 0x1c74  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:33:24.0698 0x1c74  Ntfs - ok
20:33:24.0745 0x1c74  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:33:24.0807 0x1c74  ntrigdigi - ok
20:33:24.0839 0x1c74  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
20:33:24.0885 0x1c74  Null - ok
20:33:24.0932 0x1c74  [ 77F9F9A199B87FE3F852E12F5419240B, BE9C05F2AC12BB41EC71A596039F2116E5A0F454D32E5A618112296721001473 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
20:33:24.0963 0x1c74  NVHDA - ok
20:33:25.0353 0x1c74  [ 2FA5434344AF84D73F66BA402FF78690, D244C9BA5C9A582C17AA5DE3BE78A2C177AC2CEE5EE6C0E62A52AED7C51B0FB1 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:33:25.0977 0x1c74  nvlddmkm - ok
20:33:26.0040 0x1c74  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:33:26.0071 0x1c74  nvraid - ok
20:33:26.0102 0x1c74  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:33:26.0133 0x1c74  nvstor - ok
20:33:26.0196 0x1c74  [ B785320CBCF5021DE9945C803696C511, 01D374F6F0EEA385A25DA375EDDD83F5F6F3FEC6D5C3F844AE2DDE75C451A623 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:33:26.0258 0x1c74  nvsvc - ok
20:33:26.0367 0x1c74  [ D2B064796C369F82E96397F721C4A29D, 49A9E7DBCFFE5C8D0B22088193277366BAEA7D6CF51894BD4030F7C96275237B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:33:26.0461 0x1c74  nvUpdatusService - ok
20:33:26.0492 0x1c74  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:33:26.0523 0x1c74  nv_agp - ok
20:33:26.0523 0x1c74  NwlnkFlt - ok
20:33:26.0539 0x1c74  NwlnkFwd - ok
20:33:26.0555 0x1c74  [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:33:26.0601 0x1c74  ohci1394 - ok
20:33:26.0648 0x1c74  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:33:26.0664 0x1c74  ose - ok
20:33:26.0726 0x1c74  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:33:26.0820 0x1c74  p2pimsvc - ok
20:33:26.0851 0x1c74  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:33:26.0913 0x1c74  p2psvc - ok
20:33:26.0945 0x1c74  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
20:33:27.0023 0x1c74  Parport - ok
20:33:27.0069 0x1c74  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:33:27.0085 0x1c74  partmgr - ok
20:33:27.0101 0x1c74  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:33:27.0179 0x1c74  Parvdm - ok
20:33:27.0210 0x1c74  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:33:27.0272 0x1c74  PcaSvc - ok
20:33:27.0319 0x1c74  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
20:33:27.0350 0x1c74  pci - ok
20:33:27.0381 0x1c74  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:33:27.0397 0x1c74  pciide - ok
20:33:27.0428 0x1c74  [ B7C5A8769541900F6DFA6FE0C5E4D513, 1885FE8AE9D6929E8B43D674B43B7B3FEAA25AF6E45973A0B49CBA7B9CBA34C4 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:33:27.0459 0x1c74  pcmcia - ok
20:33:27.0506 0x1c74  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:33:27.0693 0x1c74  PEAUTH - ok
20:33:27.0803 0x1c74  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
20:33:27.0959 0x1c74  pla - ok
20:33:28.0005 0x1c74  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:33:28.0068 0x1c74  PlugPlay - ok
20:33:28.0130 0x1c74  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:33:28.0177 0x1c74  PNRPAutoReg - ok
20:33:28.0224 0x1c74  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:33:28.0317 0x1c74  PNRPsvc - ok
20:33:28.0380 0x1c74  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:33:28.0427 0x1c74  PolicyAgent - ok
20:33:28.0473 0x1c74  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:33:28.0551 0x1c74  PptpMiniport - ok
20:33:28.0583 0x1c74  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
20:33:28.0645 0x1c74  Processor - ok
20:33:28.0692 0x1c74  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
20:33:28.0723 0x1c74  ProfSvc - ok
20:33:28.0895 0x1c74  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
20:33:28.0910 0x1c74  ProtectedStorage - ok
20:33:28.0957 0x1c74  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:33:29.0004 0x1c74  PSched - ok
20:33:29.0082 0x1c74  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:33:29.0222 0x1c74  ql2300 - ok
20:33:29.0269 0x1c74  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:33:29.0300 0x1c74  ql40xx - ok
20:33:29.0347 0x1c74  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
20:33:29.0409 0x1c74  QWAVE - ok
20:33:29.0425 0x1c74  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:33:29.0472 0x1c74  QWAVEdrv - ok
20:33:29.0487 0x1c74  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:33:29.0550 0x1c74  RasAcd - ok
20:33:29.0581 0x1c74  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
20:33:29.0643 0x1c74  RasAuto - ok
20:33:29.0675 0x1c74  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:33:29.0768 0x1c74  Rasl2tp - ok
20:33:29.0799 0x1c74  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
20:33:29.0846 0x1c74  RasMan - ok
20:33:29.0877 0x1c74  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:33:29.0909 0x1c74  RasPppoe - ok
20:33:29.0955 0x1c74  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:33:29.0987 0x1c74  RasSstp - ok
20:33:30.0033 0x1c74  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:33:30.0080 0x1c74  rdbss - ok
20:33:30.0111 0x1c74  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:33:30.0174 0x1c74  RDPCDD - ok
20:33:30.0205 0x1c74  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:33:30.0299 0x1c74  rdpdr - ok
20:33:30.0314 0x1c74  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:33:30.0361 0x1c74  RDPENCDD - ok
20:33:30.0408 0x1c74  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:33:30.0470 0x1c74  RDPWD - ok
20:33:30.0548 0x1c74  [ ED8C9F16E10C1E4C4C5D16CD04966E24, B7A289C14A08FA89C35776BFF53277CF5EEF4C59246B6221B99327E5B0547CD9 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:33:30.0595 0x1c74  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
20:33:32.0982 0x1c74  Detect skipped due to KSN trusted
20:33:32.0982 0x1c74  RegSrvc - ok
20:33:33.0060 0x1c74  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:33:33.0107 0x1c74  RemoteAccess - ok
20:33:33.0138 0x1c74  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:33:33.0200 0x1c74  RemoteRegistry - ok
20:33:33.0231 0x1c74  [ 10536B0AD6F416FC7F1149977C28CCDC, F0CE929BBA996762D59570338AC2E7DCC920E76E2E945FEB629E8EBE1B311D19 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:33:33.0294 0x1c74  RFCOMM - ok
20:33:33.0325 0x1c74  [ EEC7EE5675294B03E88AA868540007C1, 4FA2DFD007ED0B6276D80D7948E5A676620BB120BAF2BDB22D2D1E6ABA08F1B4 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
20:33:33.0387 0x1c74  RMCAST - ok
20:33:33.0419 0x1c74  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
20:33:33.0465 0x1c74  RpcLocator - ok
20:33:33.0512 0x1c74  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
20:33:33.0559 0x1c74  RpcSs - ok
20:33:33.0606 0x1c74  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:33:33.0668 0x1c74  rspndr - ok
20:33:33.0699 0x1c74  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
20:33:33.0715 0x1c74  SamSs - ok
20:33:33.0746 0x1c74  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:33:33.0777 0x1c74  sbp2port - ok
20:33:33.0824 0x1c74  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:33:33.0871 0x1c74  SCardSvr - ok
20:33:33.0918 0x1c74  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
20:33:34.0027 0x1c74  Schedule - ok
20:33:34.0058 0x1c74  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:33:34.0089 0x1c74  SCPolicySvc - ok
20:33:34.0121 0x1c74  [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:33:34.0183 0x1c74  sdbus - ok
20:33:34.0230 0x1c74  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:33:34.0292 0x1c74  SDRSVC - ok
20:33:34.0308 0x1c74  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:33:34.0386 0x1c74  secdrv - ok
20:33:34.0417 0x1c74  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
20:33:34.0448 0x1c74  seclogon - ok
20:33:34.0479 0x1c74  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
20:33:34.0511 0x1c74  SENS - ok
20:33:34.0526 0x1c74  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:33:34.0604 0x1c74  Serenum - ok
20:33:34.0635 0x1c74  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
20:33:34.0698 0x1c74  Serial - ok
20:33:34.0729 0x1c74  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:33:34.0776 0x1c74  sermouse - ok
20:33:34.0776 0x1c74  serviceIEConfig - ok
20:33:34.0807 0x1c74  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:33:34.0869 0x1c74  SessionEnv - ok
20:33:34.0885 0x1c74  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:33:34.0932 0x1c74  sffdisk - ok
20:33:34.0947 0x1c74  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:33:35.0010 0x1c74  sffp_mmc - ok
20:33:35.0041 0x1c74  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:33:35.0072 0x1c74  sffp_sd - ok
20:33:35.0088 0x1c74  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:33:35.0150 0x1c74  sfloppy - ok
20:33:35.0213 0x1c74  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:33:35.0259 0x1c74  SharedAccess - ok
20:33:35.0322 0x1c74  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:33:35.0369 0x1c74  ShellHWDetection - ok
20:33:35.0400 0x1c74  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:33:35.0431 0x1c74  sisagp - ok
20:33:35.0447 0x1c74  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:33:35.0478 0x1c74  SiSRaid2 - ok
20:33:35.0493 0x1c74  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:33:35.0525 0x1c74  SiSRaid4 - ok
20:33:35.0696 0x1c74  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
20:33:35.0977 0x1c74  slsvc - ok
20:33:36.0024 0x1c74  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:33:36.0086 0x1c74  SLUINotify - ok
20:33:36.0117 0x1c74  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:33:36.0180 0x1c74  Smb - ok
20:33:36.0242 0x1c74  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:33:36.0258 0x1c74  SNMPTRAP - ok
20:33:36.0289 0x1c74  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:33:36.0320 0x1c74  spldr - ok
20:33:36.0351 0x1c74  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
20:33:36.0429 0x1c74  Spooler - ok
20:33:36.0476 0x1c74  [ 9263C8898732E2B890F7E954E7729AB7, DEBFD81E702893427972A6565A9AAA54A09B9F7F30CA9391011C6F7FB758A3F4 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:33:36.0492 0x1c74  SQLWriter - ok
20:33:36.0539 0x1c74  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:33:36.0632 0x1c74  srv - ok
20:33:36.0663 0x1c74  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:33:36.0741 0x1c74  srv2 - ok
20:33:36.0773 0x1c74  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:33:36.0819 0x1c74  srvnet - ok
20:33:36.0866 0x1c74  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:33:36.0913 0x1c74  SSDPSRV - ok
20:33:36.0944 0x1c74  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:33:36.0975 0x1c74  ssmdrv - ok
20:33:36.0991 0x1c74  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:33:37.0038 0x1c74  SstpSvc - ok
20:33:37.0100 0x1c74  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
20:33:37.0147 0x1c74  stisvc - ok
20:33:37.0178 0x1c74  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:33:37.0194 0x1c74  swenum - ok
20:33:37.0256 0x1c74  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
20:33:37.0303 0x1c74  swprv - ok
20:33:37.0319 0x1c74  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:33:37.0350 0x1c74  Symc8xx - ok
20:33:37.0381 0x1c74  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:33:37.0397 0x1c74  Sym_hi - ok
20:33:37.0428 0x1c74  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:33:37.0459 0x1c74  Sym_u3 - ok
20:33:37.0506 0x1c74  [ 451E8037E2EB6DA6BDF0A66F65D1810B, 98E94486560A00B33E19902BB1B5CE51168E583E9303B3A2F7337D3501887B34 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:33:37.0537 0x1c74  SynTP - ok
20:33:37.0615 0x1c74  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
20:33:37.0693 0x1c74  SysMain - ok
20:33:37.0740 0x1c74  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:33:37.0771 0x1c74  TabletInputService - ok
20:33:37.0818 0x1c74  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:33:37.0880 0x1c74  TapiSrv - ok
20:33:37.0911 0x1c74  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
20:33:37.0974 0x1c74  TBS - ok
20:33:38.0052 0x1c74  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:33:38.0130 0x1c74  Tcpip - ok
20:33:38.0177 0x1c74  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:33:38.0239 0x1c74  Tcpip6 - ok
20:33:38.0286 0x1c74  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:33:38.0317 0x1c74  tcpipreg - ok
20:33:38.0348 0x1c74  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:33:38.0411 0x1c74  TDPIPE - ok
20:33:38.0442 0x1c74  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:33:38.0489 0x1c74  TDTCP - ok
20:33:38.0520 0x1c74  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:33:38.0582 0x1c74  tdx - ok
20:33:38.0613 0x1c74  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:33:38.0645 0x1c74  TermDD - ok
20:33:38.0676 0x1c74  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
20:33:38.0723 0x1c74  TermService - ok
20:33:38.0754 0x1c74  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
20:33:38.0801 0x1c74  Themes - ok
20:33:38.0801 0x1c74  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
20:33:38.0847 0x1c74  THREADORDER - ok
20:33:38.0863 0x1c74  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
20:33:38.0925 0x1c74  TrkWks - ok
20:33:38.0988 0x1c74  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:33:39.0035 0x1c74  TrustedInstaller - ok
20:33:39.0081 0x1c74  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:33:39.0128 0x1c74  tssecsrv - ok
20:33:39.0159 0x1c74  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:33:39.0222 0x1c74  tunmp - ok
20:33:39.0269 0x1c74  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:33:39.0300 0x1c74  tunnel - ok
20:33:39.0315 0x1c74  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:33:39.0347 0x1c74  uagp35 - ok
20:33:39.0378 0x1c74  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:33:39.0425 0x1c74  udfs - ok
20:33:39.0471 0x1c74  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:33:39.0534 0x1c74  UI0Detect - ok
20:33:39.0549 0x1c74  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:33:39.0565 0x1c74  uliagpkx - ok
20:33:39.0596 0x1c74  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:33:39.0643 0x1c74  uliahci - ok
20:33:39.0674 0x1c74  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:33:39.0690 0x1c74  UlSata - ok
20:33:39.0721 0x1c74  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:33:39.0752 0x1c74  ulsata2 - ok
20:33:39.0783 0x1c74  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:33:39.0815 0x1c74  umbus - ok
20:33:39.0861 0x1c74  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
20:33:39.0924 0x1c74  upnphost - ok
20:33:39.0971 0x1c74  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:33:40.0017 0x1c74  usbccgp - ok
20:33:40.0049 0x1c74  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:33:40.0127 0x1c74  usbcir - ok
20:33:40.0158 0x1c74  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:33:40.0205 0x1c74  usbehci - ok
20:33:40.0251 0x1c74  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:33:40.0298 0x1c74  usbhub - ok
20:33:40.0329 0x1c74  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:33:40.0407 0x1c74  usbohci - ok
20:33:40.0439 0x1c74  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:33:40.0485 0x1c74  usbprint - ok
20:33:40.0517 0x1c74  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:33:40.0548 0x1c74  usbscan - ok
20:33:40.0595 0x1c74  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:33:40.0641 0x1c74  USBSTOR - ok
20:33:40.0688 0x1c74  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:33:40.0704 0x1c74  usbuhci - ok
20:33:40.0766 0x1c74  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:33:40.0813 0x1c74  usbvideo - ok
20:33:40.0844 0x1c74  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
20:33:40.0875 0x1c74  UxSms - ok
20:33:40.0938 0x1c74  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
20:33:41.0000 0x1c74  vds - ok
20:33:41.0047 0x1c74  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:33:41.0094 0x1c74  vga - ok
20:33:41.0125 0x1c74  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:33:41.0172 0x1c74  VgaSave - ok
20:33:41.0187 0x1c74  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:33:41.0219 0x1c74  viaagp - ok
20:33:41.0234 0x1c74  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:33:41.0281 0x1c74  ViaC7 - ok
20:33:41.0297 0x1c74  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
20:33:41.0328 0x1c74  viaide - ok
20:33:41.0343 0x1c74  VMC302 - ok
20:33:41.0406 0x1c74  [ B4FC3E68EF1AD16D6D60240D2A5445D8, E92531B58ED149609DC621B056FF75F64983F08F63A51522CD6CD17FDF99F705 ] VMC326          C:\Windows\system32\Drivers\VMC326.sys
20:33:41.0468 0x1c74  VMC326 - ok
20:33:41.0484 0x1c74  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:33:41.0515 0x1c74  volmgr - ok
20:33:41.0577 0x1c74  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:33:41.0624 0x1c74  volmgrx - ok
20:33:41.0671 0x1c74  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:33:41.0718 0x1c74  volsnap - ok
20:33:41.0749 0x1c74  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:33:41.0780 0x1c74  vsmraid - ok
20:33:41.0843 0x1c74  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
20:33:41.0967 0x1c74  VSS - ok
20:33:42.0014 0x1c74  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
20:33:42.0092 0x1c74  W32Time - ok
20:33:42.0139 0x1c74  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:33:42.0186 0x1c74  WacomPen - ok
20:33:42.0217 0x1c74  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:33:42.0279 0x1c74  Wanarp - ok
20:33:42.0295 0x1c74  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:33:42.0326 0x1c74  Wanarpv6 - ok
20:33:42.0389 0x1c74  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:33:42.0451 0x1c74  wcncsvc - ok
20:33:42.0498 0x1c74  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:33:42.0545 0x1c74  WcsPlugInService - ok
20:33:42.0576 0x1c74  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
20:33:42.0591 0x1c74  Wd - ok
20:33:42.0669 0x1c74  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:33:42.0779 0x1c74  Wdf01000 - ok
20:33:42.0794 0x1c74  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:33:42.0857 0x1c74  WdiServiceHost - ok
20:33:42.0872 0x1c74  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:33:42.0903 0x1c74  WdiSystemHost - ok
20:33:42.0966 0x1c74  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
20:33:42.0997 0x1c74  WebClient - ok
20:33:43.0044 0x1c74  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:33:43.0106 0x1c74  Wecsvc - ok
20:33:43.0137 0x1c74  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:33:43.0184 0x1c74  wercplsupport - ok
20:33:43.0215 0x1c74  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:33:43.0262 0x1c74  WerSvc - ok
20:33:43.0325 0x1c74  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:33:43.0356 0x1c74  WinDefend - ok
20:33:43.0371 0x1c74  WinHttpAutoProxySvc - ok
20:33:43.0449 0x1c74  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:33:43.0496 0x1c74  Winmgmt - ok
20:33:43.0590 0x1c74  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:33:43.0730 0x1c74  WinRM - ok
20:33:43.0824 0x1c74  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:33:43.0886 0x1c74  Wlansvc - ok
20:33:43.0950 0x1c74  [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:33:43.0981 0x1c74  wlcrasvc - ok
20:33:44.0074 0x1c74  [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:33:44.0199 0x1c74  wlidsvc - ok
20:33:44.0246 0x1c74  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:33:44.0293 0x1c74  WmiAcpi - ok
20:33:44.0340 0x1c74  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:33:44.0402 0x1c74  wmiApSrv - ok
20:33:44.0496 0x1c74  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:33:44.0636 0x1c74  WMPNetworkSvc - ok
20:33:44.0683 0x1c74  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:33:44.0761 0x1c74  WPCSvc - ok
20:33:44.0808 0x1c74  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:33:44.0870 0x1c74  WPDBusEnum - ok
20:33:44.0917 0x1c74  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:33:44.0964 0x1c74  WpdUsb - ok
20:33:45.0057 0x1c74  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:33:45.0120 0x1c74  WPFFontCache_v0400 - ok
20:33:45.0151 0x1c74  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:33:45.0213 0x1c74  ws2ifsl - ok
20:33:45.0244 0x1c74  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:33:45.0276 0x1c74  wscsvc - ok
20:33:45.0291 0x1c74  WSearch - ok
20:33:45.0416 0x1c74  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:33:45.0572 0x1c74  wuauserv - ok
20:33:45.0619 0x1c74  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:33:45.0666 0x1c74  WudfPf - ok
20:33:45.0712 0x1c74  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:33:45.0775 0x1c74  WUDFRd - ok
20:33:45.0822 0x1c74  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:33:45.0868 0x1c74  wudfsvc - ok
20:33:45.0915 0x1c74  [ 04E268ADFC81964C49DC0C082D520F7E, 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
20:33:45.0978 0x1c74  yukonwlh - ok
20:33:46.0009 0x1c74  ================ Scan global ===============================
20:33:46.0056 0x1c74  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
20:33:46.0102 0x1c74  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:33:46.0149 0x1c74  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
20:33:46.0196 0x1c74  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
20:33:46.0212 0x1c74  [ Global ] - ok
20:33:46.0212 0x1c74  ================ Scan MBR ==================================
20:33:46.0243 0x1c74  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
20:33:46.0648 0x1c74  \Device\Harddisk0\DR0 - ok
20:33:46.0648 0x1c74  ================ Scan VBR ==================================
20:33:46.0664 0x1c74  [ 5D77EC23D5B9726D32BBDD410C52A16F ] \Device\Harddisk0\DR0\Partition1
20:33:46.0695 0x1c74  \Device\Harddisk0\DR0\Partition1 - ok
20:33:46.0695 0x1c74  [ 0EA5D9D7F5E1938155CCDD3F71A836A2 ] \Device\Harddisk0\DR0\Partition2
20:33:46.0726 0x1c74  \Device\Harddisk0\DR0\Partition2 - ok
20:33:46.0726 0x1c74  ================ Scan generic autorun ======================
20:33:46.0789 0x1c74  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
20:33:46.0867 0x1c74  Windows Defender - ok
20:33:47.0148 0x1c74  [ EB57A9927A39EB86194D664E781633B7, 673F5A8D2ACFE11CAA95FBDDB4962445CCFBBBF3547DDFFB820A335F4F6B1D13 ] C:\Windows\RtHDVCpl.exe
20:33:47.0538 0x1c74  RtHDVCpl - ok
20:33:47.0631 0x1c74  [ A37B2AB33BFF3C6705DC2C016328DD2F, C6F14E81FD9001048B178576FA01A4F77BF3F0A05DE443EB6AAC4982EE763D69 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
20:33:47.0694 0x1c74  SynTPEnh - ok
20:33:47.0787 0x1c74  [ 82CC8F77E9EC61C6B4D48DD4D5CA78E7, 51F3072F9AB9C6B8FF62731834530870A517F3099D1E94E8E2F953484B7A04FE ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:33:47.0803 0x1c74  APSDaemon - ok
20:33:47.0896 0x1c74  [ 4AFFDCAADCB1DBBFFAF06C7F82E7F6FC, 8BAD14D327C60B4CBC00278802A5F6453D641EFC2EF97D90E7AB579758DF7FFC ] C:\Program Files\iTunes\iTunesHelper.exe
20:33:47.0912 0x1c74  iTunesHelper - ok
20:33:48.0021 0x1c74  [ 5374D3363F5B87CF03125F5FB584C8CE, 905C6F08A616A31566C7510EC4B0F02BA66E1928968343FB22ED37C4FB8BABDD ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
20:33:48.0068 0x1c74  avgnt - ok
20:33:48.0177 0x1c74  [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
20:33:48.0318 0x1c74  MailCheck IE Broker - ok
20:33:48.0427 0x1c74  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:33:48.0536 0x1c74  Sidebar - ok
20:33:48.0552 0x1c74  WindowsWelcomeCenter - ok
20:33:48.0614 0x1c74  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:33:48.0708 0x1c74  Sidebar - ok
20:33:48.0708 0x1c74  WindowsWelcomeCenter - ok
20:33:48.0754 0x1c74  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
20:33:48.0848 0x1c74  Sidebar - ok
20:33:48.0988 0x1c74  [ 6DE8F3D91387412AC2E869FFA0F6ABA6, 68202B155995F14471377E1F0080916B31D6F99F7DA9E5E147399B2E1BA933CE ] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
20:33:49.0160 0x1c74  LightScribe Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
20:33:51.0562 0x1c74  Detect skipped due to KSN trusted
20:33:51.0562 0x1c74  LightScribe Control Panel - ok
20:33:51.0640 0x1c74  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
20:33:51.0672 0x1c74  ehTray.exe - ok
20:33:51.0734 0x1c74  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:33:51.0812 0x1c74  Sidebar - ok
20:33:51.0828 0x1c74  WindowsWelcomeCenter - ok
20:33:51.0890 0x1c74  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:33:51.0984 0x1c74  Sidebar - ok
20:33:51.0984 0x1c74  WindowsWelcomeCenter - ok
20:33:52.0046 0x1c74  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:33:52.0140 0x1c74  Sidebar - ok
20:33:52.0155 0x1c74  WindowsWelcomeCenter - ok
20:33:52.0155 0x1c74  Waiting for KSN requests completion. In queue: 265
20:33:53.0169 0x1c74  Waiting for KSN requests completion. In queue: 265
20:33:54.0183 0x1c74  Waiting for KSN requests completion. In queue: 265
20:33:55.0228 0x1c74  Win FW state via NFP2: enabled
20:33:57.0631 0x1c74  ============================================================
20:33:57.0631 0x1c74  Scan finished
20:33:57.0631 0x1c74  ============================================================
20:33:57.0631 0x2318  Detected object count: 0
20:33:57.0631 0x2318  Actual detected object count: 0
20:34:11.0156 0x01d8  Deinitialize success

schrauber · 01.07.2014, 13:33

supi

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jugi · 01.07.2014, 21:21

Combofix ohne Probleme ausgeführt. =)

Code:

ATTFilter

ComboFix 14-06-30.01 - Krissi 01.07.2014  21:58:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2035 [GMT 2:00]
ausgeführt von:: c:\users\Krissi\Desktop\ComboFix.exe
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Krissi\4.0
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\UA000096.DLL
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-01 bis 2014-07-01  ))))))))))))))))))))))))))))))
.
.
2014-07-01 20:06 . 2014-07-01 20:06	--------	d-----w-	c:\users\Krissi\AppData\Local\temp
2014-07-01 20:06 . 2014-07-01 20:06	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-07-01 20:06 . 2014-07-01 20:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-07-01 08:07 . 2014-06-17 00:57	8140904	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDD9E7D8-D872-40C5-817E-FEA28BB5F7DC}\mpengine.dll
2014-06-29 14:21 . 2014-06-29 14:21	--------	d-----w-	C:\TDSSKiller_Quarantine
2014-06-25 23:41 . 2014-06-25 23:41	--------	d-----w-	c:\users\Krissi\AppData\Local\WinZip
2014-06-25 23:40 . 2014-06-25 23:41	--------	d-----w-	c:\programdata\WinZip
2014-06-25 21:59 . 2014-06-30 18:35	--------	d-----w-	C:\FRST
2014-06-25 21:25 . 2014-06-25 21:25	110296	----a-w-	c:\windows\system32\drivers\11CE19DA.sys
2014-06-25 17:33 . 2014-06-25 17:33	110296	----a-w-	c:\windows\system32\drivers\1F8F04E3.sys
2014-06-25 12:44 . 2014-06-25 12:44	411552	----a-w-	c:\windows\system32\drivers\xxqwcfsn.sys
2014-06-25 12:43 . 2014-06-25 12:43	411552	----a-w-	c:\windows\system32\drivers\pysdfqyd.sys
2014-06-25 12:43 . 2014-06-25 12:43	--------	d-----w-	c:\programdata\AVAST Software
2014-06-25 12:01 . 2014-06-26 05:13	--------	d-----w-	c:\users\TEMP
2014-06-25 11:32 . 2014-06-25 11:32	110296	----a-w-	c:\windows\system32\drivers\7B305B94.sys
2014-06-25 10:52 . 2014-06-25 10:52	110296	----a-w-	c:\windows\system32\drivers\10AC4DA0.sys
2014-06-25 10:51 . 2014-06-25 21:24	110296	----a-w-	c:\windows\system32\drivers\48230029.sys
2014-06-19 22:55 . 2014-06-24 18:00	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-19 22:54 . 2014-06-19 22:54	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-06-19 22:54 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-06-19 22:54 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-06-15 19:58 . 2014-06-15 19:58	--------	d-----w-	c:\users\Krissi\AppData\Local\Adobe
2014-06-12 13:02 . 2014-04-26 16:01	502784	----a-w-	c:\windows\system32\usp10.dll
2014-06-12 13:02 . 2014-04-05 03:23	915392	----a-w-	c:\windows\system32\drivers\tcpip.sys
2014-06-12 13:02 . 2014-04-05 01:49	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-13 10:41 . 2012-03-30 12:27	699056	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-06-13 10:41 . 2011-05-18 16:42	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-20 08:46 . 2014-03-23 13:24	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-05-20 08:46 . 2014-03-23 13:24	93528	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-05-12 05:25 . 2012-10-20 16:57	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-05 12:38 . 2009-11-05 19:37	737280	----a-w-	c:\windows\iun6002.exe
2010-05-31 18:32 . 2010-07-22 15:48	24376	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-20 737872]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2014-04-24 1810496]
.
c:\users\Krissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2014-5-21 565104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 65146350
*Deregistered* - 65146350
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:41]
.
2014-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 15:53]
.
2014-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 15:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398413320&from=adks&uid=WDCXWD3200BEVT-35ZCT0_WD-WXE808AE0504E0504&q={searchTerms}
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-47902847.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-MCODS
AddRemove-SereneScreen Marine Aquarium 2 - c:\windows\IsUn0407.exe
AddRemove-{6041D07D-CBC6-4119-8C35-D95B77AD5FBA} - c:\programdata\{ACD22DA6-75BE-4B73-8FEE-D4717AEBEFA5}\InternetExplorer-WEB.DE-addon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-07-01 22:06
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\serviceIEConfig]
"ImagePath"="c:\windows\System32\ieconfig_1und1_svc.exe /startedbyscm:016FE01B-40E31F2D-serviceIEConfig"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-381946461-3025875304-1193097581-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-381946461-3025875304-1193097581-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
Zeit der Fertigstellung: 2014-07-01  22:09:37
ComboFix-quarantined-files.txt  2014-07-01 20:09
.
Vor Suchlauf: 15 Verzeichnis(se), 56.416.776.192 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 56.038.068.224 Bytes frei
.
- - End Of File - - 068B02A6F3BBB71CD170195C9A5DB167
61A349592C4728853F4A90FF78F7628E

28.06.2014, 18:22	#7
schrauber /// the machine /// TB-Ausbilder	WindowsVista: TrojanerRootkitfund, Virenprogramme deaktiviert kannste drin lassen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

30.06.2014, 13:19	#11
schrauber /// the machine /// TB-Ausbilder	WindowsVista: TrojanerRootkitfund, Virenprogramme deaktiviert Frischen Scan mit TDSSKIller und FRST machen, bitte beide Logs posten __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

WindowsVista: TrojanerRootkitfund, Virenprogramme deaktiviert

Log-Analyse und Auswertung: WindowsVista: TrojanerRootkitfund, Virenprogramme deaktiviert