Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.01.2015, 23:00   #16
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Zitat:
19:03:50.0303 0x0a9c 6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - skipped by user
19:03:50.0303 0x0a9c 6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip


Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start Scan.
    Mache während dem Scan nichts am Rechner
  • Gehe sicher das Cure ( default ) angehackt ist !
  • Drücke Continue --> Reboot.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 09.01.2015, 19:21   #17
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo Schrauber,
anbei das Log
Code:
ATTFilter
19:10:04.0905 0x1494  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
19:10:08.0527 0x1494  ============================================================
19:10:08.0527 0x1494  Current date / time: 2015/01/09 19:10:08.0527
19:10:08.0527 0x1494  SystemInfo:
19:10:08.0527 0x1494  
19:10:08.0527 0x1494  OS Version: 6.1.7601 ServicePack: 1.0
19:10:08.0527 0x1494  Product type: Workstation
19:10:08.0527 0x1494  ComputerName: LUISE-PC
19:10:08.0527 0x1494  UserName: Luise
19:10:08.0527 0x1494  Windows directory: C:\windows
19:10:08.0527 0x1494  System windows directory: C:\windows
19:10:08.0527 0x1494  Running under WOW64
19:10:08.0527 0x1494  Processor architecture: Intel x64
19:10:08.0527 0x1494  Number of processors: 2
19:10:08.0527 0x1494  Page size: 0x1000
19:10:08.0527 0x1494  Boot type: Normal boot
19:10:08.0527 0x1494  ============================================================
19:10:08.0527 0x1494  BG loaded
19:10:08.0847 0x1494  System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
19:10:09.0257 0x1494  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:10:09.0257 0x1494  ============================================================
19:10:09.0257 0x1494  \Device\Harddisk0\DR0:
19:10:09.0257 0x1494  MBR partitions:
19:10:09.0257 0x1494  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:10:09.0257 0x1494  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
19:10:09.0297 0x1494  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
19:10:09.0297 0x1494  ============================================================
19:10:09.0327 0x1494  C: <-> \Device\Harddisk0\DR0\Partition2
19:10:09.0357 0x1494  D: <-> \Device\Harddisk0\DR0\Partition3
19:10:09.0357 0x1494  ============================================================
19:10:09.0367 0x1494  Initialize success
19:10:09.0367 0x1494  ============================================================
19:11:14.0100 0x1048  ============================================================
19:11:14.0100 0x1048  Scan started
19:11:14.0100 0x1048  Mode: Manual; SigCheck; TDLFS; 
19:11:14.0100 0x1048  ============================================================
19:11:14.0100 0x1048  KSN ping started
19:11:16.0502 0x1048  KSN ping finished: true
19:11:17.0372 0x1048  ================ Scan system memory ========================
19:11:17.0372 0x1048  System memory - ok
19:11:17.0372 0x1048  ================ Scan services =============================
19:11:17.0562 0x1048  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
19:11:17.0632 0x1048  1394ohci - ok
19:11:17.0642 0x1048  Suspicious service (NoAccess): 6ab48a75c5156135
19:11:17.0672 0x1048  [ FDD39022F97C37337AEFE97E23BB0B7F, 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5 ] 6ab48a75c5156135 C:\windows\System32\Drivers\6ab48a75c5156135.sys
19:11:17.0672 0x1048  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\6ab48a75c5156135.sys. md5: FDD39022F97C37337AEFE97E23BB0B7F, sha256: 69F58BA0D01B8591C3FF01F348CCF7F28AC6EE0C8B8513F912B7B5221D4C99F5
19:11:17.0692 0x1048  6ab48a75c5156135 - detected Rootkit.Win32.Necurs.gen ( 0 )
19:11:20.0154 0x1048  6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - infected
19:11:20.0154 0x1048  Force sending object to P2P due to detect: 6ab48a75c5156135
19:11:27.0106 0x1048  Object send P2P result: true
19:11:29.0637 0x1048  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
19:11:29.0677 0x1048  ACPI - ok
19:11:29.0697 0x1048  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
19:11:29.0717 0x1048  AcpiPmi - ok
19:11:29.0877 0x1048  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:11:29.0917 0x1048  AdobeFlashPlayerUpdateSvc - ok
19:11:29.0959 0x1048  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
19:11:29.0979 0x1048  adp94xx - ok
19:11:30.0029 0x1048  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
19:11:30.0049 0x1048  adpahci - ok
19:11:30.0079 0x1048  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
19:11:30.0099 0x1048  adpu320 - ok
19:11:30.0119 0x1048  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:11:30.0159 0x1048  AeLookupSvc - ok
19:11:30.0249 0x1048  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
19:11:30.0289 0x1048  AFD - ok
19:11:30.0319 0x1048  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
19:11:30.0349 0x1048  agp440 - ok
19:11:30.0389 0x1048  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
19:11:30.0429 0x1048  ALG - ok
19:11:30.0469 0x1048  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
19:11:30.0489 0x1048  aliide - ok
19:11:30.0509 0x1048  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
19:11:30.0519 0x1048  amdide - ok
19:11:30.0549 0x1048  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
19:11:30.0559 0x1048  AmdK8 - ok
19:11:30.0569 0x1048  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
19:11:30.0579 0x1048  AmdPPM - ok
19:11:30.0629 0x1048  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
19:11:30.0659 0x1048  amdsata - ok
19:11:30.0689 0x1048  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
19:11:30.0709 0x1048  amdsbs - ok
19:11:30.0719 0x1048  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
19:11:30.0729 0x1048  amdxata - ok
19:11:30.0769 0x1048  [ 48CD7E6520D47D62EAB0E6CE3EC30C65, D5E6206081202A005888F6F576DDE37C1EE973D7FD155B6C41C7BFE07DEE61F8 ] Andbus          C:\windows\system32\DRIVERS\lgandbus64.sys
19:11:30.0799 0x1048  Andbus - ok
19:11:30.0819 0x1048  [ 08CBACC00D15DCDBBAAE1A7C8F231C61, E713CA0A7A1DC50408004523FC91149CB99AF443E511D00899244AA7C5D1E0EC ] AndDiag         C:\windows\system32\DRIVERS\lganddiag64.sys
19:11:30.0839 0x1048  AndDiag - ok
19:11:30.0849 0x1048  [ CEA9A4CD6B3A83428CE8501240833668, B382AD9E0D5CBB057D64C505A6E1A1A1C3769C83981C60F4EDF966D7BB13A459 ] AndGps          C:\windows\system32\DRIVERS\lgandgps64.sys
19:11:30.0869 0x1048  AndGps - ok
19:11:30.0879 0x1048  [ E2B5663E547FA5E756B253EFA8EC8286, 78FC406BF15615A6BA9AF9CDC49AC0B8EE7F54628BDB1B1FF8596AB2C65E5925 ] ANDModem        C:\windows\system32\DRIVERS\lgandmodem64.sys
19:11:30.0899 0x1048  ANDModem - ok
19:11:31.0049 0x1048  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:11:31.0079 0x1048  AntiVirSchedulerService - ok
19:11:31.0129 0x1048  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:11:31.0139 0x1048  AntiVirService - ok
19:11:31.0199 0x1048  [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
19:11:31.0229 0x1048  AntiVirWebService - ok
19:11:31.0270 0x1048  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
19:11:31.0300 0x1048  AppID - ok
19:11:31.0320 0x1048  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:11:31.0360 0x1048  AppIDSvc - ok
19:11:31.0410 0x1048  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
19:11:31.0440 0x1048  Appinfo - ok
19:11:31.0500 0x1048  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:11:31.0530 0x1048  Apple Mobile Device - ok
19:11:31.0580 0x1048  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
19:11:31.0590 0x1048  arc - ok
19:11:31.0610 0x1048  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
19:11:31.0620 0x1048  arcsas - ok
19:11:31.0760 0x1048  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:11:31.0790 0x1048  aspnet_state - ok
19:11:31.0820 0x1048  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:11:31.0850 0x1048  AsyncMac - ok
19:11:31.0890 0x1048  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
19:11:31.0900 0x1048  atapi - ok
19:11:31.0920 0x1048  AthBTPort - ok
19:11:32.0060 0x1048  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
19:11:32.0190 0x1048  athr - ok
19:11:32.0250 0x1048  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:11:32.0300 0x1048  AudioEndpointBuilder - ok
19:11:32.0330 0x1048  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
19:11:32.0380 0x1048  AudioSrv - ok
19:11:32.0450 0x1048  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
19:11:32.0480 0x1048  avgntflt - ok
19:11:32.0530 0x1048  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
19:11:32.0550 0x1048  avipbb - ok
19:11:32.0570 0x1048  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
19:11:32.0590 0x1048  avkmgr - ok
19:11:32.0640 0x1048  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:11:32.0680 0x1048  AxInstSV - ok
19:11:32.0730 0x1048  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
19:11:32.0770 0x1048  b06bdrv - ok
19:11:32.0810 0x1048  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
19:11:32.0830 0x1048  b57nd60a - ok
19:11:32.0900 0x1048  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:11:32.0940 0x1048  BBSvc - ok
19:11:32.0980 0x1048  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
19:11:33.0000 0x1048  BDESVC - ok
19:11:33.0040 0x1048  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
19:11:33.0070 0x1048  Beep - ok
19:11:33.0150 0x1048  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
19:11:33.0202 0x1048  BFE - ok
19:11:33.0252 0x1048  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
19:11:33.0312 0x1048  BITS - ok
19:11:33.0342 0x1048  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:11:33.0352 0x1048  blbdrive - ok
19:11:33.0442 0x1048  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:11:33.0472 0x1048  Bonjour Service - ok
19:11:33.0522 0x1048  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:11:33.0562 0x1048  bowser - ok
19:11:33.0602 0x1048  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
19:11:33.0632 0x1048  BrFiltLo - ok
19:11:33.0632 0x1048  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
19:11:33.0652 0x1048  BrFiltUp - ok
19:11:33.0672 0x1048  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
19:11:33.0712 0x1048  BridgeMP - ok
19:11:33.0762 0x1048  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
19:11:33.0792 0x1048  Browser - ok
19:11:33.0822 0x1048  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:11:33.0842 0x1048  Brserid - ok
19:11:33.0862 0x1048  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:11:33.0882 0x1048  BrSerWdm - ok
19:11:33.0902 0x1048  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:11:33.0932 0x1048  BrUsbMdm - ok
19:11:33.0952 0x1048  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:11:33.0972 0x1048  BrUsbSer - ok
19:11:33.0982 0x1048  BTATH_A2DP - ok
19:11:33.0992 0x1048  btath_avdt - ok
19:11:34.0002 0x1048  BTATH_BUS - ok
19:11:34.0012 0x1048  BTATH_HCRP - ok
19:11:34.0032 0x1048  BTATH_LWFLT - ok
19:11:34.0042 0x1048  BTATH_RCP - ok
19:11:34.0052 0x1048  BtFilter - ok
19:11:34.0092 0x1048  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
19:11:34.0132 0x1048  BthEnum - ok
19:11:34.0152 0x1048  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
19:11:34.0202 0x1048  BTHMODEM - ok
19:11:34.0222 0x1048  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:11:34.0272 0x1048  BthPan - ok
19:11:34.0342 0x1048  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
19:11:34.0402 0x1048  BTHPORT - ok
19:11:34.0452 0x1048  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
19:11:34.0502 0x1048  bthserv - ok
19:11:34.0542 0x1048  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
19:11:34.0572 0x1048  BTHUSB - ok
19:11:34.0622 0x1048  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:11:34.0672 0x1048  cdfs - ok
19:11:34.0692 0x1048  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:11:34.0722 0x1048  cdrom - ok
19:11:34.0752 0x1048  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
19:11:34.0782 0x1048  CertPropSvc - ok
19:11:34.0832 0x1048  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
19:11:34.0872 0x1048  circlass - ok
19:11:34.0912 0x1048  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
19:11:34.0942 0x1048  CLFS - ok
19:11:35.0007 0x1048  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:11:35.0017 0x1048  clr_optimization_v2.0.50727_32 - ok
19:11:35.0047 0x1048  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:11:35.0067 0x1048  clr_optimization_v2.0.50727_64 - ok
19:11:35.0157 0x1048  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:11:35.0197 0x1048  clr_optimization_v4.0.30319_32 - ok
19:11:35.0214 0x1048  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:11:35.0229 0x1048  clr_optimization_v4.0.30319_64 - ok
19:11:35.0249 0x1048  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
19:11:35.0259 0x1048  clwvd - ok
19:11:35.0289 0x1048  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:11:35.0299 0x1048  CmBatt - ok
19:11:35.0329 0x1048  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
19:11:35.0339 0x1048  cmdide - ok
19:11:35.0389 0x1048  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
19:11:35.0419 0x1048  CNG - ok
19:11:35.0459 0x1048  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
19:11:35.0489 0x1048  Compbatt - ok
19:11:35.0509 0x1048  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:11:35.0549 0x1048  CompositeBus - ok
19:11:35.0559 0x1048  COMSysApp - ok
19:11:35.0589 0x1048  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
19:11:35.0599 0x1048  crcdisk - ok
19:11:35.0659 0x1048  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:11:35.0689 0x1048  CryptSvc - ok
19:11:35.0819 0x1048  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:11:35.0859 0x1048  cvhsvc - ok
19:11:35.0909 0x1048  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:11:35.0959 0x1048  DcomLaunch - ok
19:11:36.0019 0x1048  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
19:11:36.0069 0x1048  defragsvc - ok
19:11:36.0099 0x1048  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:11:36.0149 0x1048  DfsC - ok
19:11:36.0209 0x1048  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
19:11:36.0239 0x1048  Dhcp - ok
19:11:36.0249 0x1048  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
19:11:36.0299 0x1048  discache - ok
19:11:36.0359 0x1048  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
19:11:36.0379 0x1048  Disk - ok
19:11:36.0419 0x1048  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:11:36.0449 0x1048  Dnscache - ok
19:11:36.0479 0x1048  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
19:11:36.0519 0x1048  dot3svc - ok
19:11:36.0529 0x1048  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
19:11:36.0569 0x1048  DPS - ok
19:11:36.0599 0x1048  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:11:36.0649 0x1048  drmkaud - ok
19:11:36.0729 0x1048  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:11:36.0769 0x1048  DXGKrnl - ok
19:11:36.0819 0x1048  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
19:11:36.0879 0x1048  EapHost - ok
19:11:37.0029 0x1048  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
19:11:37.0219 0x1048  ebdrv - ok
19:11:37.0270 0x1048  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\windows\System32\lsass.exe
19:11:37.0300 0x1048  EFS - ok
19:11:37.0400 0x1048  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
19:11:37.0440 0x1048  ehRecvr - ok
19:11:37.0450 0x1048  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
19:11:37.0460 0x1048  ehSched - ok
19:11:37.0530 0x1048  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
19:11:37.0560 0x1048  elxstor - ok
19:11:37.0580 0x1048  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
19:11:37.0590 0x1048  ErrDev - ok
19:11:37.0680 0x1048  [ FD621C77B762BF1E5BB1887F02B515DF, 341FD5E708F08A3617FBCB6381DBCC809C66DDD3FFED3256356F4229AE5A3388 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
19:11:37.0720 0x1048  ETD - ok
19:11:37.0790 0x1048  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
19:11:37.0840 0x1048  EventSystem - ok
19:11:37.0870 0x1048  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
19:11:37.0930 0x1048  exfat - ok
19:11:37.0950 0x1048  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:11:37.0990 0x1048  fastfat - ok
19:11:38.0070 0x1048  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
19:11:38.0100 0x1048  Fax - ok
19:11:38.0130 0x1048  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
19:11:38.0140 0x1048  fdc - ok
19:11:38.0170 0x1048  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
19:11:38.0200 0x1048  fdPHost - ok
19:11:38.0210 0x1048  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
19:11:38.0250 0x1048  FDResPub - ok
19:11:38.0270 0x1048  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:11:38.0280 0x1048  FileInfo - ok
19:11:38.0310 0x1048  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:11:38.0350 0x1048  Filetrace - ok
19:11:38.0360 0x1048  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
19:11:38.0370 0x1048  flpydisk - ok
19:11:38.0400 0x1048  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:11:38.0420 0x1048  FltMgr - ok
19:11:38.0510 0x1048  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
19:11:38.0570 0x1048  FontCache - ok
19:11:38.0620 0x1048  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:11:38.0630 0x1048  FontCache3.0.0.0 - ok
19:11:38.0650 0x1048  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:11:38.0660 0x1048  FsDepends - ok
19:11:38.0690 0x1048  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:11:38.0700 0x1048  Fs_Rec - ok
19:11:38.0750 0x1048  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:11:38.0770 0x1048  fvevol - ok
19:11:38.0800 0x1048  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
19:11:38.0810 0x1048  gagp30kx - ok
19:11:38.0880 0x1048  [ 521A469CAF61F00E1DE081CC2099C1D6, 5BF39C9797A28674203D5C3D5D942978B9C66F658A43D7696B4BE3E8A7880EB9 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
19:11:38.0910 0x1048  GameConsoleService - ok
19:11:38.0940 0x1048  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:11:38.0950 0x1048  GEARAspiWDM - ok
19:11:39.0000 0x1048  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
19:11:39.0060 0x1048  gpsvc - ok
19:11:39.0170 0x1048  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:11:39.0190 0x1048  gupdate - ok
19:11:39.0210 0x1048  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:11:39.0220 0x1048  gupdatem - ok
19:11:39.0260 0x1048  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:11:39.0270 0x1048  gusvc - ok
19:11:39.0290 0x1048  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:11:39.0340 0x1048  hcw85cir - ok
19:11:39.0380 0x1048  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:11:39.0430 0x1048  HdAudAddService - ok
19:11:39.0450 0x1048  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:11:39.0490 0x1048  HDAudBus - ok
19:11:39.0510 0x1048  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
19:11:39.0530 0x1048  HidBatt - ok
19:11:39.0540 0x1048  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
19:11:39.0570 0x1048  HidBth - ok
19:11:39.0630 0x1048  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
19:11:39.0660 0x1048  HidIr - ok
19:11:39.0690 0x1048  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
19:11:39.0730 0x1048  hidserv - ok
19:11:39.0780 0x1048  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
19:11:39.0830 0x1048  HidUsb - ok
19:11:39.0850 0x1048  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:11:39.0900 0x1048  hkmsvc - ok
19:11:39.0920 0x1048  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:11:39.0940 0x1048  HomeGroupListener - ok
19:11:39.0970 0x1048  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:11:39.0991 0x1048  HomeGroupProvider - ok
19:11:40.0031 0x1048  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
19:11:40.0051 0x1048  HpSAMD - ok
19:11:40.0101 0x1048  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:11:40.0181 0x1048  HTTP - ok
19:11:40.0211 0x1048  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:11:40.0221 0x1048  hwpolicy - ok
19:11:40.0271 0x1048  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:11:40.0301 0x1048  i8042prt - ok
19:11:40.0391 0x1048  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
19:11:40.0421 0x1048  iaStor - ok
19:11:40.0491 0x1048  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
19:11:40.0521 0x1048  iaStorV - ok
19:11:40.0611 0x1048  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:11:40.0651 0x1048  idsvc - ok
19:11:40.0691 0x1048  IEEtwCollectorService - ok
19:11:41.0131 0x1048  [ 8CB8667F5A3B5515F2585F3254F3AAF7, 068E3E513AFF0ADAAB5EB5C019F13DD6D0BF4E8D69B98CFFCBA0368E04674CA8 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
19:11:41.0771 0x1048  igfx - ok
19:11:41.0851 0x1048  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
19:11:41.0881 0x1048  iirsp - ok
19:11:41.0941 0x1048  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
19:11:41.0981 0x1048  IKEEXT - ok
19:11:42.0141 0x1048  [ 8E05ADB4B809B478B2EC65A1A1633DEB, E5404FD4D2A7EAADA0FA8BB5ABC3AEEE36CACBC3D765C3B101FC6BE7EEE81EA8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:11:42.0241 0x1048  IntcAzAudAddService - ok
19:11:42.0291 0x1048  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
19:11:42.0341 0x1048  IntcDAud - ok
19:11:42.0361 0x1048  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
19:11:42.0371 0x1048  intelide - ok
19:11:42.0421 0x1048  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:11:42.0461 0x1048  intelppm - ok
19:11:42.0511 0x1048  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:11:42.0561 0x1048  IPBusEnum - ok
19:11:42.0581 0x1048  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:11:42.0651 0x1048  IpFilterDriver - ok
19:11:42.0731 0x1048  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:11:42.0771 0x1048  iphlpsvc - ok
19:11:42.0781 0x1048  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
19:11:42.0801 0x1048  IPMIDRV - ok
19:11:42.0821 0x1048  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:11:42.0871 0x1048  IPNAT - ok
19:11:42.0911 0x1048  [ 0F261EC4F514926177C70C1832374231, 7E61B89FE2651C0C7951E10454267174550677DEAB1C497571A9B0B583687304 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:11:42.0941 0x1048  iPod Service - ok
19:11:42.0961 0x1048  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:11:42.0971 0x1048  IRENUM - ok
19:11:43.0001 0x1048  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
19:11:43.0011 0x1048  isapnp - ok
19:11:43.0041 0x1048  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
19:11:43.0061 0x1048  iScsiPrt - ok
19:11:43.0091 0x1048  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:11:43.0101 0x1048  kbdclass - ok
19:11:43.0131 0x1048  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
19:11:43.0161 0x1048  kbdhid - ok
19:11:43.0181 0x1048  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\windows\system32\lsass.exe
19:11:43.0191 0x1048  KeyIso - ok
19:11:43.0231 0x1048  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:11:43.0261 0x1048  KSecDD - ok
19:11:43.0281 0x1048  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:11:43.0291 0x1048  KSecPkg - ok
19:11:43.0321 0x1048  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
19:11:43.0371 0x1048  ksthunk - ok
19:11:43.0411 0x1048  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
19:11:43.0461 0x1048  KtmRm - ok
19:11:43.0491 0x1048  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
19:11:43.0541 0x1048  LanmanServer - ok
19:11:43.0561 0x1048  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:11:43.0601 0x1048  LanmanWorkstation - ok
19:11:43.0641 0x1048  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:11:43.0691 0x1048  lltdio - ok
19:11:43.0731 0x1048  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:11:43.0781 0x1048  lltdsvc - ok
19:11:43.0801 0x1048  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
19:11:43.0841 0x1048  lmhosts - ok
19:11:43.0931 0x1048  [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:11:43.0961 0x1048  LMS - ok
19:11:44.0001 0x1048  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
19:11:44.0011 0x1048  LSI_FC - ok
19:11:44.0041 0x1048  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
19:11:44.0051 0x1048  LSI_SAS - ok
19:11:44.0061 0x1048  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
19:11:44.0071 0x1048  LSI_SAS2 - ok
19:11:44.0091 0x1048  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
19:11:44.0101 0x1048  LSI_SCSI - ok
19:11:44.0131 0x1048  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
19:11:44.0191 0x1048  luafv - ok
19:11:44.0221 0x1048  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:11:44.0241 0x1048  Mcx2Svc - ok
19:11:44.0261 0x1048  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
19:11:44.0271 0x1048  megasas - ok
19:11:44.0301 0x1048  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
19:11:44.0321 0x1048  MegaSR - ok
19:11:44.0361 0x1048  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
19:11:44.0371 0x1048  MEIx64 - ok
19:11:44.0401 0x1048  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
19:11:44.0441 0x1048  MMCSS - ok
19:11:44.0451 0x1048  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
19:11:44.0491 0x1048  Modem - ok
19:11:44.0521 0x1048  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:11:44.0551 0x1048  monitor - ok
19:11:44.0571 0x1048  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:11:44.0591 0x1048  mouclass - ok
19:11:44.0631 0x1048  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:11:44.0651 0x1048  mouhid - ok
19:11:44.0681 0x1048  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:11:44.0691 0x1048  mountmgr - ok
19:11:44.0711 0x1048  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
19:11:44.0721 0x1048  mpio - ok
19:11:44.0751 0x1048  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:11:44.0791 0x1048  mpsdrv - ok
19:11:44.0851 0x1048  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:11:44.0951 0x1048  MpsSvc - ok
19:11:44.0991 0x1048  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:11:45.0012 0x1048  MRxDAV - ok
19:11:45.0042 0x1048  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:11:45.0082 0x1048  mrxsmb - ok
19:11:45.0092 0x1048  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:11:45.0112 0x1048  mrxsmb10 - ok
19:11:45.0142 0x1048  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:11:45.0152 0x1048  mrxsmb20 - ok
19:11:45.0182 0x1048  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
19:11:45.0192 0x1048  msahci - ok
19:11:45.0232 0x1048  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
19:11:45.0242 0x1048  msdsm - ok
19:11:45.0262 0x1048  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
19:11:45.0282 0x1048  MSDTC - ok
19:11:45.0312 0x1048  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:11:45.0362 0x1048  Msfs - ok
19:11:45.0382 0x1048  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:11:45.0432 0x1048  mshidkmdf - ok
19:11:45.0462 0x1048  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
19:11:45.0472 0x1048  msisadrv - ok
19:11:45.0522 0x1048  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:11:45.0582 0x1048  MSiSCSI - ok
19:11:45.0592 0x1048  msiserver - ok
19:11:45.0632 0x1048  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:11:45.0682 0x1048  MSKSSRV - ok
19:11:45.0702 0x1048  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:11:45.0742 0x1048  MSPCLOCK - ok
19:11:45.0772 0x1048  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:11:45.0822 0x1048  MSPQM - ok
19:11:45.0852 0x1048  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:11:45.0872 0x1048  MsRPC - ok
19:11:45.0892 0x1048  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:11:45.0902 0x1048  mssmbios - ok
19:11:45.0922 0x1048  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:11:45.0972 0x1048  MSTEE - ok
19:11:46.0002 0x1048  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
19:11:46.0022 0x1048  MTConfig - ok
19:11:46.0032 0x1048  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
19:11:46.0042 0x1048  Mup - ok
19:11:46.0082 0x1048  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
19:11:46.0142 0x1048  napagent - ok
19:11:46.0192 0x1048  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:11:46.0222 0x1048  NativeWifiP - ok
19:11:46.0292 0x1048  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
19:11:46.0332 0x1048  NDIS - ok
19:11:46.0372 0x1048  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:11:46.0422 0x1048  NdisCap - ok
19:11:46.0462 0x1048  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:11:46.0502 0x1048  NdisTapi - ok
19:11:46.0512 0x1048  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:11:46.0562 0x1048  Ndisuio - ok
19:11:46.0582 0x1048  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:11:46.0632 0x1048  NdisWan - ok
19:11:46.0662 0x1048  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:11:46.0712 0x1048  NDProxy - ok
19:11:46.0852 0x1048  [ 87C61A17E908AEF1C63FBAF915C0B452, 75B41D36CC82A7B770B32C8309258C61A705E6F7C12E61404125F76D81BE344E ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
19:11:46.0872 0x1048  NeroMediaHomeService.4 - ok
19:11:46.0892 0x1048  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:11:46.0952 0x1048  NetBIOS - ok
19:11:46.0982 0x1048  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:11:47.0022 0x1048  NetBT - ok
19:11:47.0052 0x1048  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\windows\system32\lsass.exe
19:11:47.0062 0x1048  Netlogon - ok
19:11:47.0092 0x1048  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
19:11:47.0162 0x1048  Netman - ok
19:11:47.0222 0x1048  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0252 0x1048  NetMsmqActivator - ok
19:11:47.0262 0x1048  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0282 0x1048  NetPipeActivator - ok
19:11:47.0322 0x1048  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
19:11:47.0372 0x1048  netprofm - ok
19:11:47.0422 0x1048  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0432 0x1048  NetTcpActivator - ok
19:11:47.0442 0x1048  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:11:47.0452 0x1048  NetTcpPortSharing - ok
19:11:47.0902 0x1048  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
19:11:48.0492 0x1048  NETwNs64 - ok
19:11:48.0552 0x1048  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
19:11:48.0562 0x1048  nfrd960 - ok
19:11:48.0602 0x1048  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:11:48.0622 0x1048  NlaSvc - ok
19:11:48.0762 0x1048  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:11:48.0846 0x1048  NOBU - ok
19:11:48.0876 0x1048  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:11:48.0906 0x1048  Npfs - ok
19:11:48.0936 0x1048  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
19:11:48.0976 0x1048  nsi - ok
19:11:48.0996 0x1048  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:11:49.0038 0x1048  nsiproxy - ok
19:11:49.0130 0x1048  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:11:49.0190 0x1048  Ntfs - ok
19:11:49.0230 0x1048  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
19:11:49.0280 0x1048  Null - ok
19:11:49.0774 0x1048  [ 70E89A21827B2669AF906B703C7C48B5, 0049482148124600287D03716497D8E31A42EF39D63EF62EB8CC4A16EE795885 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
19:11:50.0320 0x1048  nvlddmkm - ok
19:11:50.0400 0x1048  [ 4B9C0C2BF78289513101EB0D44834701, 4F1BE9507C067A2F5E6F1EB43B7C99EAF9E09445A48E884E90076F73ED8F52A8 ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
19:11:50.0410 0x1048  nvpciflt - ok
19:11:50.0440 0x1048  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
19:11:50.0460 0x1048  nvraid - ok
19:11:50.0490 0x1048  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
19:11:50.0500 0x1048  nvstor - ok
19:11:50.0580 0x1048  [ E04FCE1D149CF05C3449E3171F9C3E41, 6BDD089B5A0C03CE1E9F63275AE35B8B66185B3E81DFF97F59423B9C35BEEBA7 ] NVSvc           C:\windows\system32\nvvsvc.exe
19:11:50.0620 0x1048  NVSvc - ok
19:11:50.0761 0x1048  [ D96DDEA6C699A99832E0186057801971, 374BB617335CC243F903447194B7EFC63222FD163BB9FA8C87616715C5120BF0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:11:50.0822 0x1048  nvUpdatusService - ok
19:11:50.0852 0x1048  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
19:11:50.0862 0x1048  nv_agp - ok
19:11:50.0872 0x1048  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
19:11:50.0892 0x1048  ohci1394 - ok
19:11:50.0922 0x1048  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:11:50.0942 0x1048  ose - ok
19:11:51.0162 0x1048  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:11:51.0362 0x1048  osppsvc - ok
19:11:51.0402 0x1048  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:11:51.0442 0x1048  p2pimsvc - ok
19:11:51.0482 0x1048  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
19:11:51.0512 0x1048  p2psvc - ok
19:11:51.0552 0x1048  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
19:11:51.0562 0x1048  Parport - ok
19:11:51.0592 0x1048  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:11:51.0602 0x1048  partmgr - ok
19:11:51.0622 0x1048  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
19:11:51.0662 0x1048  PcaSvc - ok
19:11:51.0692 0x1048  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
19:11:51.0712 0x1048  pci - ok
19:11:51.0752 0x1048  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
19:11:51.0762 0x1048  pciide - ok
19:11:51.0792 0x1048  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
19:11:51.0812 0x1048  pcmcia - ok
19:11:51.0822 0x1048  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
19:11:51.0842 0x1048  pcw - ok
19:11:51.0872 0x1048  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:11:51.0942 0x1048  PEAUTH - ok
19:11:52.0022 0x1048  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:11:52.0052 0x1048  PerfHost - ok
19:11:52.0122 0x1048  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
19:11:52.0222 0x1048  pla - ok
19:11:52.0303 0x1048  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:11:52.0353 0x1048  PlugPlay - ok
19:11:52.0383 0x1048  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:11:52.0413 0x1048  PNRPAutoReg - ok
19:11:52.0443 0x1048  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:11:52.0463 0x1048  PNRPsvc - ok
19:11:52.0503 0x1048  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:11:52.0553 0x1048  PolicyAgent - ok
19:11:52.0583 0x1048  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
19:11:52.0623 0x1048  Power - ok
19:11:52.0673 0x1048  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:11:52.0713 0x1048  PptpMiniport - ok
19:11:52.0723 0x1048  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
19:11:52.0753 0x1048  Processor - ok
19:11:52.0773 0x1048  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
19:11:52.0813 0x1048  ProfSvc - ok
19:11:52.0833 0x1048  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
19:11:52.0843 0x1048  ProtectedStorage - ok
19:11:52.0873 0x1048  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:11:52.0923 0x1048  Psched - ok
19:11:53.0003 0x1048  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
19:11:53.0063 0x1048  ql2300 - ok
19:11:53.0083 0x1048  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
19:11:53.0093 0x1048  ql40xx - ok
19:11:53.0133 0x1048  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
19:11:53.0153 0x1048  QWAVE - ok
19:11:53.0183 0x1048  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:11:53.0213 0x1048  QWAVEdrv - ok
19:11:53.0213 0x1048  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:11:53.0263 0x1048  RasAcd - ok
19:11:53.0303 0x1048  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:11:53.0343 0x1048  RasAgileVpn - ok
19:11:53.0363 0x1048  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
19:11:53.0403 0x1048  RasAuto - ok
19:11:53.0443 0x1048  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:11:53.0483 0x1048  Rasl2tp - ok
19:11:53.0523 0x1048  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
19:11:53.0573 0x1048  RasMan - ok
19:11:53.0593 0x1048  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:11:53.0653 0x1048  RasPppoe - ok
19:11:53.0673 0x1048  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:11:53.0723 0x1048  RasSstp - ok
19:11:53.0753 0x1048  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:11:53.0803 0x1048  rdbss - ok
19:11:53.0833 0x1048  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
19:11:53.0843 0x1048  rdpbus - ok
19:11:53.0863 0x1048  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:11:53.0903 0x1048  RDPCDD - ok
19:11:53.0913 0x1048  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:11:53.0963 0x1048  RDPENCDD - ok
19:11:53.0993 0x1048  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:11:54.0033 0x1048  RDPREFMP - ok
19:11:54.0063 0x1048  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:11:54.0093 0x1048  RDPWD - ok
19:11:54.0113 0x1048  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:11:54.0133 0x1048  rdyboost - ok
19:11:54.0163 0x1048  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:11:54.0203 0x1048  RemoteAccess - ok
19:11:54.0223 0x1048  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:11:54.0263 0x1048  RemoteRegistry - ok
19:11:54.0283 0x1048  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:11:54.0313 0x1048  RFCOMM - ok
19:11:54.0383 0x1048  [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:11:54.0403 0x1048  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
19:11:56.0755 0x1048  Detect skipped due to KSN trusted
19:11:56.0755 0x1048  RichVideo - ok
19:11:56.0795 0x1048  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:11:56.0835 0x1048  RpcEptMapper - ok
19:11:56.0865 0x1048  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
19:11:56.0875 0x1048  RpcLocator - ok
19:11:56.0895 0x1048  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
19:11:56.0945 0x1048  RpcSs - ok
19:11:56.0975 0x1048  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:11:57.0025 0x1048  rspndr - ok
19:11:57.0075 0x1048  [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
19:11:57.0095 0x1048  RTL8167 - ok
19:11:57.0165 0x1048  [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
19:11:57.0185 0x1048  rtport - ok
19:11:57.0215 0x1048  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\windows\system32\Drivers\SABI.sys
19:11:57.0245 0x1048  SABI - ok
19:11:57.0265 0x1048  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\windows\system32\lsass.exe
19:11:57.0285 0x1048  SamSs - ok
19:11:57.0315 0x1048  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
19:11:57.0325 0x1048  sbp2port - ok
19:11:57.0355 0x1048  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:11:57.0405 0x1048  SCardSvr - ok
19:11:57.0415 0x1048  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:11:57.0455 0x1048  scfilter - ok
19:11:57.0505 0x1048  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
19:11:57.0585 0x1048  Schedule - ok
19:11:57.0605 0x1048  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
19:11:57.0645 0x1048  SCPolicySvc - ok
19:11:57.0675 0x1048  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:11:57.0695 0x1048  SDRSVC - ok
19:11:57.0855 0x1048  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
19:11:57.0905 0x1048  SDScannerService - ok
19:11:58.0045 0x1048  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:11:58.0115 0x1048  SDUpdateService - ok
19:11:58.0135 0x1048  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:11:58.0145 0x1048  SDWSCService - ok
19:11:58.0185 0x1048  [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:11:58.0205 0x1048  SeaPort - ok
19:11:58.0235 0x1048  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:11:58.0275 0x1048  secdrv - ok
19:11:58.0305 0x1048  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
19:11:58.0335 0x1048  seclogon - ok
19:11:58.0345 0x1048  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
19:11:58.0385 0x1048  SENS - ok
19:11:58.0395 0x1048  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:11:58.0425 0x1048  SensrSvc - ok
19:11:58.0455 0x1048  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
19:11:58.0475 0x1048  Serenum - ok
19:11:58.0485 0x1048  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
19:11:58.0505 0x1048  Serial - ok
19:11:58.0545 0x1048  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
19:11:58.0555 0x1048  sermouse - ok
19:11:58.0585 0x1048  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
19:11:58.0625 0x1048  SessionEnv - ok
19:11:58.0635 0x1048  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
19:11:58.0655 0x1048  sffdisk - ok
19:11:58.0655 0x1048  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
19:11:58.0675 0x1048  sffp_mmc - ok
19:11:58.0675 0x1048  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
19:11:58.0705 0x1048  sffp_sd - ok
19:11:58.0715 0x1048  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
19:11:58.0735 0x1048  sfloppy - ok
19:11:58.0845 0x1048  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:11:58.0885 0x1048  Sftfs - ok
19:11:58.0975 0x1048  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:11:59.0005 0x1048  sftlist - ok
19:11:59.0025 0x1048  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:11:59.0045 0x1048  Sftplay - ok
19:11:59.0075 0x1048  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:11:59.0085 0x1048  Sftredir - ok
19:11:59.0105 0x1048  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:11:59.0115 0x1048  Sftvol - ok
19:11:59.0155 0x1048  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:11:59.0165 0x1048  sftvsa - ok
19:11:59.0215 0x1048  [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv           C:\windows\system32\DRIVERS\SGdrv64.sys
19:11:59.0255 0x1048  SGDrv - ok
19:11:59.0295 0x1048  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:11:59.0345 0x1048  SharedAccess - ok
19:11:59.0375 0x1048  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:11:59.0425 0x1048  ShellHWDetection - ok
19:11:59.0465 0x1048  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
19:11:59.0495 0x1048  SiSRaid2 - ok
19:11:59.0525 0x1048  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
19:11:59.0535 0x1048  SiSRaid4 - ok
19:11:59.0595 0x1048  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:11:59.0615 0x1048  SkypeUpdate - ok
19:11:59.0645 0x1048  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:11:59.0695 0x1048  Smb - ok
19:11:59.0745 0x1048  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:11:59.0765 0x1048  SNMPTRAP - ok
19:11:59.0785 0x1048  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
19:11:59.0795 0x1048  spldr - ok
19:11:59.0835 0x1048  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
19:11:59.0885 0x1048  Spooler - ok
19:12:00.0035 0x1048  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
19:12:00.0226 0x1048  sppsvc - ok
19:12:00.0246 0x1048  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:12:00.0286 0x1048  sppuinotify - ok
19:12:00.0326 0x1048  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
19:12:00.0386 0x1048  srv - ok
19:12:00.0426 0x1048  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:12:00.0466 0x1048  srv2 - ok
19:12:00.0476 0x1048  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:12:00.0506 0x1048  srvnet - ok
19:12:00.0526 0x1048  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:12:00.0566 0x1048  SSDPSRV - ok
19:12:00.0576 0x1048  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:12:00.0616 0x1048  SstpSvc - ok
19:12:00.0646 0x1048  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
19:12:00.0656 0x1048  stexstor - ok
19:12:00.0726 0x1048  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
19:12:00.0756 0x1048  stisvc - ok
19:12:00.0776 0x1048  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:12:00.0786 0x1048  swenum - ok
19:12:00.0826 0x1048  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
19:12:00.0896 0x1048  swprv - ok
19:12:00.0986 0x1048  SWUpdateService - ok
19:12:01.0088 0x1048  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
19:12:01.0178 0x1048  SysMain - ok
19:12:01.0208 0x1048  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
19:12:01.0228 0x1048  TabletInputService - ok
19:12:01.0248 0x1048  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
19:12:01.0298 0x1048  TapiSrv - ok
19:12:01.0308 0x1048  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
19:12:01.0338 0x1048  TBS - ok
19:12:01.0448 0x1048  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:12:01.0518 0x1048  Tcpip - ok
19:12:01.0618 0x1048  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:12:01.0678 0x1048  TCPIP6 - ok
19:12:01.0718 0x1048  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:12:01.0738 0x1048  tcpipreg - ok
19:12:01.0778 0x1048  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:12:01.0828 0x1048  TDPIPE - ok
19:12:01.0848 0x1048  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:12:01.0868 0x1048  TDTCP - ok
19:12:01.0888 0x1048  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:12:01.0938 0x1048  tdx - ok
19:12:01.0968 0x1048  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:12:01.0978 0x1048  TermDD - ok
19:12:02.0048 0x1048  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
19:12:02.0118 0x1048  TermService - ok
19:12:02.0128 0x1048  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
19:12:02.0158 0x1048  Themes - ok
19:12:02.0188 0x1048  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
19:12:02.0228 0x1048  THREADORDER - ok
19:12:02.0258 0x1048  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
19:12:02.0298 0x1048  TrkWks - ok
19:12:02.0368 0x1048  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:12:02.0418 0x1048  TrustedInstaller - ok
19:12:02.0448 0x1048  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:12:02.0478 0x1048  tssecsrv - ok
19:12:02.0498 0x1048  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
19:12:02.0528 0x1048  TsUsbFlt - ok
19:12:02.0548 0x1048  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
19:12:02.0568 0x1048  TsUsbGD - ok
19:12:02.0598 0x1048  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:12:02.0648 0x1048  tunnel - ok
19:12:02.0668 0x1048  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
19:12:02.0678 0x1048  uagp35 - ok
19:12:02.0708 0x1048  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:12:02.0788 0x1048  udfs - ok
19:12:02.0818 0x1048  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:12:02.0828 0x1048  UI0Detect - ok
19:12:02.0858 0x1048  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
19:12:02.0868 0x1048  uliagpkx - ok
19:12:02.0878 0x1048  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:12:02.0908 0x1048  umbus - ok
19:12:02.0948 0x1048  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
19:12:02.0948 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
19:12:02.0948 0x1048  UmPass - detected LockedFile.Multi.Generic ( 1 )
19:12:05.0350 0x1048  Detect skipped due to KSN trusted
19:12:05.0350 0x1048  UmPass - ok
19:12:05.0560 0x1048  [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:12:05.0640 0x1048  UNS - ok
19:12:05.0690 0x1048  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
19:12:05.0750 0x1048  upnphost - ok
19:12:05.0770 0x1048  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
19:12:05.0800 0x1048  USBAAPL64 - ok
19:12:05.0870 0x1048  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
19:12:05.0870 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbaudio.sys. md5: B0435098C81D04CAFFF80DDB746CD3A2, sha256: A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A
19:12:05.0870 0x1048  usbaudio - detected LockedFile.Multi.Generic ( 1 )
19:12:08.0250 0x1048  Detect skipped due to KSN trusted
19:12:08.0250 0x1048  usbaudio - ok
19:12:08.0310 0x1048  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:12:08.0310 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
19:12:08.0310 0x1048  usbccgp - detected LockedFile.Multi.Generic ( 1 )
19:12:10.0703 0x1048  Detect skipped due to KSN trusted
19:12:10.0703 0x1048  usbccgp - ok
19:12:10.0783 0x1048  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
19:12:10.0783 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
19:12:10.0783 0x1048  usbcir - detected LockedFile.Multi.Generic ( 1 )
19:12:13.0163 0x1048  Detect skipped due to KSN trusted
19:12:13.0163 0x1048  usbcir - ok
19:12:13.0213 0x1048  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
19:12:13.0223 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
19:12:13.0223 0x1048  usbehci - detected LockedFile.Multi.Generic ( 1 )
19:12:15.0609 0x1048  Detect skipped due to KSN trusted
19:12:15.0609 0x1048  usbehci - ok
19:12:15.0699 0x1048  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:12:15.0699 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
19:12:15.0699 0x1048  usbhub - detected LockedFile.Multi.Generic ( 1 )
19:12:21.0375 0x1048  Detect skipped due to KSN trusted
19:12:21.0375 0x1048  usbhub - ok
19:12:21.0425 0x1048  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
19:12:21.0425 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
19:12:21.0425 0x1048  usbohci - detected LockedFile.Multi.Generic ( 1 )
19:12:23.0805 0x1048  Detect skipped due to KSN trusted
19:12:23.0805 0x1048  usbohci - ok
19:12:23.0855 0x1048  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:12:23.0855 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
19:12:23.0855 0x1048  usbprint - detected LockedFile.Multi.Generic ( 1 )
19:12:26.0247 0x1048  Detect skipped due to KSN trusted
19:12:26.0247 0x1048  usbprint - ok
19:12:26.0327 0x1048  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
19:12:26.0327 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
19:12:26.0327 0x1048  usbscan - detected LockedFile.Multi.Generic ( 1 )
19:12:28.0697 0x1048  Detect skipped due to KSN trusted
19:12:28.0697 0x1048  usbscan - ok
19:12:28.0717 0x1048  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:12:28.0717 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
19:12:28.0717 0x1048  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
19:12:31.0079 0x1048  Detect skipped due to KSN trusted
19:12:31.0079 0x1048  USBSTOR - ok
19:12:31.0129 0x1048  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
19:12:31.0129 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
19:12:31.0129 0x1048  usbuhci - detected LockedFile.Multi.Generic ( 1 )
19:12:33.0509 0x1048  Detect skipped due to KSN trusted
19:12:33.0509 0x1048  usbuhci - ok
19:12:33.0569 0x1048  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
19:12:33.0569 0x1048  Suspicious file ( NoAccess ): C:\windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
19:12:33.0569 0x1048  usbvideo - detected LockedFile.Multi.Generic ( 1 )
19:12:35.0970 0x1048  Detect skipped due to KSN trusted
19:12:35.0970 0x1048  usbvideo - ok
19:12:36.0010 0x1048  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
19:12:36.0080 0x1048  UxSms - ok
19:12:36.0100 0x1048  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\windows\system32\lsass.exe
19:12:36.0110 0x1048  VaultSvc - ok
19:12:36.0130 0x1048  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
19:12:36.0130 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
19:12:36.0140 0x1048  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
19:12:38.0520 0x1048  Detect skipped due to KSN trusted
19:12:38.0520 0x1048  vdrvroot - ok
19:12:38.0590 0x1048  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
19:12:38.0680 0x1048  vds - ok
19:12:38.0720 0x1048  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:12:38.0720 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
19:12:38.0720 0x1048  vga - detected LockedFile.Multi.Generic ( 1 )
19:12:41.0112 0x1048  Detect skipped due to KSN trusted
19:12:41.0112 0x1048  vga - ok
19:12:41.0152 0x1048  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
19:12:41.0152 0x1048  Suspicious file ( NoAccess ): C:\windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
19:12:41.0152 0x1048  VgaSave - detected LockedFile.Multi.Generic ( 1 )
19:12:43.0523 0x1048  Detect skipped due to KSN trusted
19:12:43.0523 0x1048  VgaSave - ok
19:12:43.0583 0x1048  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
19:12:43.0583 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
19:12:43.0583 0x1048  vhdmp - detected LockedFile.Multi.Generic ( 1 )
19:12:45.0975 0x1048  Detect skipped due to KSN trusted
19:12:45.0975 0x1048  vhdmp - ok
19:12:46.0005 0x1048  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
19:12:46.0005 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
19:12:46.0005 0x1048  viaide - detected LockedFile.Multi.Generic ( 1 )
19:12:48.0375 0x1048  Detect skipped due to KSN trusted
19:12:48.0375 0x1048  viaide - ok
19:12:48.0455 0x1048  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
19:12:48.0455 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
19:12:48.0455 0x1048  volmgr - detected LockedFile.Multi.Generic ( 1 )
19:12:50.0827 0x1048  Detect skipped due to KSN trusted
19:12:50.0827 0x1048  volmgr - ok
19:12:50.0887 0x1048  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:12:50.0887 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
19:12:50.0887 0x1048  volmgrx - detected LockedFile.Multi.Generic ( 1 )
19:12:53.0267 0x1048  Detect skipped due to KSN trusted
19:12:53.0267 0x1048  volmgrx - ok
19:12:53.0337 0x1048  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
19:12:53.0337 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\volsnap.sys. md5: DF8126BD41180351A093A3AD2FC8903B, sha256: AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A
19:12:53.0337 0x1048  volsnap - detected LockedFile.Multi.Generic ( 1 )
19:12:55.0710 0x1048  Detect skipped due to KSN trusted
19:12:55.0710 0x1048  volsnap - ok
19:12:55.0760 0x1048  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
19:12:55.0760 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
19:12:55.0760 0x1048  vsmraid - detected LockedFile.Multi.Generic ( 1 )
19:12:58.0200 0x1048  Detect skipped due to KSN trusted
19:12:58.0200 0x1048  vsmraid - ok
19:12:58.0330 0x1048  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
19:12:58.0430 0x1048  VSS - ok
19:12:58.0440 0x1048  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:12:58.0440 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
19:12:58.0450 0x1048  vwifibus - detected LockedFile.Multi.Generic ( 1 )
19:13:00.0812 0x1048  Detect skipped due to KSN trusted
19:13:00.0812 0x1048  vwifibus - ok
19:13:00.0862 0x1048  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:13:00.0862 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwififlt.sys. md5: 13A0DECD1794DE60A8427862C8669D27, sha256: 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF
19:13:00.0872 0x1048  vwififlt - detected LockedFile.Multi.Generic ( 1 )
19:13:03.0242 0x1048  Detect skipped due to KSN trusted
19:13:03.0242 0x1048  vwififlt - ok
19:13:03.0322 0x1048  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:13:03.0322 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\vwifimp.sys. md5: 49003B357D101CDC474937437ECF5ABC, sha256: D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6
19:13:03.0322 0x1048  vwifimp - detected LockedFile.Multi.Generic ( 1 )
19:13:05.0714 0x1048  Detect skipped due to KSN trusted
19:13:05.0714 0x1048  vwifimp - ok
19:13:05.0774 0x1048  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
19:13:05.0844 0x1048  W32Time - ok
19:13:05.0874 0x1048  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
19:13:05.0874 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
19:13:05.0874 0x1048  WacomPen - detected LockedFile.Multi.Generic ( 1 )
19:13:08.0234 0x1048  Detect skipped due to KSN trusted
19:13:08.0234 0x1048  WacomPen - ok
19:13:08.0294 0x1048  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:13:08.0294 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
19:13:08.0294 0x1048  WANARP - detected LockedFile.Multi.Generic ( 1 )
19:13:10.0676 0x1048  Detect skipped due to KSN trusted
19:13:10.0676 0x1048  WANARP - ok
19:13:10.0716 0x1048  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:13:10.0716 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
19:13:10.0716 0x1048  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
19:13:10.0716 0x1048  Detect skipped due to KSN trusted
19:13:10.0716 0x1048  Wanarpv6 - ok
19:13:10.0816 0x1048  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
19:13:10.0896 0x1048  wbengine - ok
19:13:10.0916 0x1048  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:13:10.0946 0x1048  WbioSrvc - ok
19:13:10.0986 0x1048  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:13:11.0056 0x1048  wcncsvc - ok
19:13:11.0076 0x1048  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:13:11.0096 0x1048  WcsPlugInService - ok
19:13:11.0116 0x1048  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
19:13:11.0126 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
19:13:11.0126 0x1048  Wd - detected LockedFile.Multi.Generic ( 1 )
19:13:13.0496 0x1048  Detect skipped due to KSN trusted
19:13:13.0496 0x1048  Wd - ok
19:13:13.0596 0x1048  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:13:13.0596 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
19:13:13.0596 0x1048  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
19:13:15.0980 0x1048  Detect skipped due to KSN trusted
19:13:15.0980 0x1048  Wdf01000 - ok
19:13:16.0020 0x1048  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:13:16.0120 0x1048  WdiServiceHost - ok
19:13:16.0130 0x1048  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:13:16.0160 0x1048  WdiSystemHost - ok
19:13:16.0210 0x1048  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
19:13:16.0240 0x1048  WebClient - ok
19:13:16.0260 0x1048  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:13:16.0310 0x1048  Wecsvc - ok
19:13:16.0320 0x1048  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:13:16.0360 0x1048  wercplsupport - ok
19:13:16.0400 0x1048  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
19:13:16.0440 0x1048  WerSvc - ok
19:13:16.0460 0x1048  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:13:16.0460 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
19:13:16.0460 0x1048  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
19:13:18.0830 0x1048  Detect skipped due to KSN trusted
19:13:18.0830 0x1048  WfpLwf - ok
19:13:18.0900 0x1048  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:13:18.0900 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
19:13:18.0900 0x1048  WIMMount - detected LockedFile.Multi.Generic ( 1 )
19:13:21.0282 0x1048  Detect skipped due to KSN trusted
19:13:21.0282 0x1048  WIMMount - ok
19:13:21.0302 0x1048  WinDefend - ok
19:13:21.0332 0x1048  WinHttpAutoProxySvc - ok
19:13:21.0412 0x1048  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:13:21.0462 0x1048  Winmgmt - ok
19:13:21.0552 0x1048  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
19:13:21.0662 0x1048  WinRM - ok
19:13:21.0712 0x1048  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
19:13:21.0712 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
19:13:21.0732 0x1048  WinUsb - detected LockedFile.Multi.Generic ( 1 )
19:13:25.0052 0x1048  Detect skipped due to KSN trusted
19:13:25.0052 0x1048  WinUsb - ok
19:13:25.0172 0x1048  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
19:13:25.0222 0x1048  Wlansvc - ok
19:13:25.0292 0x1048  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:13:25.0322 0x1048  wlcrasvc - ok
19:13:25.0472 0x1048  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:13:25.0552 0x1048  wlidsvc - ok
19:13:25.0572 0x1048  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
19:13:25.0572 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
19:13:25.0572 0x1048  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
19:13:27.0942 0x1048  Detect skipped due to KSN trusted
19:13:27.0942 0x1048  WmiAcpi - ok
19:13:28.0012 0x1048  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:13:28.0062 0x1048  wmiApSrv - ok
19:13:28.0098 0x1048  WMPNetworkSvc - ok
19:13:28.0134 0x1048  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:13:28.0164 0x1048  WPCSvc - ok
19:13:28.0184 0x1048  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:13:28.0204 0x1048  WPDBusEnum - ok
19:13:28.0234 0x1048  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:13:28.0234 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
19:13:28.0234 0x1048  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
19:13:30.0606 0x1048  Detect skipped due to KSN trusted
19:13:30.0606 0x1048  ws2ifsl - ok
19:13:30.0656 0x1048  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
19:13:30.0696 0x1048  wscsvc - ok
19:13:30.0706 0x1048  WSearch - ok
19:13:30.0826 0x1048  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
19:13:30.0916 0x1048  wuauserv - ok
19:13:30.0946 0x1048  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:13:30.0946 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
19:13:30.0946 0x1048  WudfPf - detected LockedFile.Multi.Generic ( 1 )
19:13:33.0316 0x1048  Detect skipped due to KSN trusted
19:13:33.0316 0x1048  WudfPf - ok
19:13:33.0406 0x1048  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:13:33.0406 0x1048  Suspicious file ( NoAccess ): C:\windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
19:13:33.0406 0x1048  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
19:13:35.0788 0x1048  Detect skipped due to KSN trusted
19:13:35.0788 0x1048  WUDFRd - ok
19:13:35.0838 0x1048  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:13:35.0878 0x1048  wudfsvc - ok
19:13:35.0928 0x1048  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
19:13:35.0958 0x1048  WwanSvc - ok
19:13:36.0008 0x1048  ================ Scan global ===============================
19:13:36.0028 0x1048  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
19:13:36.0058 0x1048  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
19:13:36.0078 0x1048  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
19:13:36.0108 0x1048  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
19:13:36.0128 0x1048  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
19:13:36.0138 0x1048  [ Global ] - ok
19:13:36.0138 0x1048  ================ Scan MBR ==================================
19:13:36.0148 0x1048  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:13:36.0728 0x1048  \Device\Harddisk0\DR0 - ok
19:13:36.0728 0x1048  ================ Scan VBR ==================================
19:13:36.0738 0x1048  [ 12DAF88A34F6BBCA003BC600F4B3E7BD ] \Device\Harddisk0\DR0\Partition1
19:13:36.0748 0x1048  \Device\Harddisk0\DR0\Partition1 - ok
19:13:36.0758 0x1048  [ 722C8CA0C3066ADB168BDEDE7EDF626E ] \Device\Harddisk0\DR0\Partition2
19:13:36.0758 0x1048  \Device\Harddisk0\DR0\Partition2 - ok
19:13:36.0778 0x1048  [ A0812CB5A031E4013F7EEEDDE0A4AEC5 ] \Device\Harddisk0\DR0\Partition3
19:13:36.0788 0x1048  \Device\Harddisk0\DR0\Partition3 - ok
19:13:36.0788 0x1048  ================ Scan generic autorun ======================
19:13:37.0268 0x1048  [ 71BC8F95B5E5AFA85D66881EAF919C6F, AF88E6BDA52BAAAEBC640F21BB7C16F3ED3F4127EFA48E0752A55C3D807D0CA3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
19:13:37.0818 0x1048  RtHDVCpl - ok
19:13:37.0828 0x1048  ETDCtrl - ok
19:13:38.0108 0x1048  [ 5F3939E2FBA9BFE055E545826ACC0D97, C8C3C691B33E3B5F3F0E6FB79996F5753AC69C09827E03BE9FF73A4E6DE9A732 ] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
19:13:38.0298 0x1048  Nero MediaHome 4 - ok
19:13:38.0338 0x1048  [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
19:13:38.0358 0x1048  APSDaemon - ok
19:13:38.0398 0x1048  [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
19:13:38.0428 0x1048  iTunesHelper - ok
19:13:38.0508 0x1048  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
19:13:38.0538 0x1048  avgnt - ok
19:13:38.0708 0x1048  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
19:13:38.0898 0x1048  SDTray - ok
19:13:38.0998 0x1048  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:39.0078 0x1048  Sidebar - ok
19:13:39.0108 0x1048  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:39.0128 0x1048  mctadmin - ok
19:13:39.0178 0x1048  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:39.0228 0x1048  Sidebar - ok
19:13:39.0238 0x1048  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:39.0258 0x1048  mctadmin - ok
19:13:39.0418 0x1048  [ D6B3AF9E3CE610B69AB1D38262DAE833, CBE366A5459A651537466B9F5017AB87FA8AD5B28F4FADE3FA66B4D97950B5D7 ] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
19:13:39.0498 0x1048  Plex Media Server - ok
19:13:40.0230 0x1048  [ BA5819A23150B3B7C4F94125E7F11E83, 0EAFE4931B4EDD9A67DDCD9DAF83BFD190DADC2FCB149733071F956228E4D1E5 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
19:13:40.0910 0x1048  Skype - ok
19:13:41.0130 0x1048  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
19:13:41.0360 0x1048  Spybot-S&D Cleaning - ok
19:13:41.0420 0x1048  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:41.0470 0x1048  Sidebar - ok
19:13:41.0480 0x1048  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:41.0500 0x1048  mctadmin - ok
19:13:41.0550 0x1048  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:13:41.0600 0x1048  Sidebar - ok
19:13:41.0610 0x1048  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:13:41.0630 0x1048  mctadmin - ok
19:13:41.0640 0x1048  Waiting for KSN requests completion. In queue: 19
19:13:42.0640 0x1048  Waiting for KSN requests completion. In queue: 19
19:13:43.0640 0x1048  Waiting for KSN requests completion. In queue: 19
19:13:44.0660 0x1048  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
19:13:44.0670 0x1048  Win FW state via NFP2: enabled
19:13:47.0062 0x1048  ============================================================
19:13:47.0062 0x1048  Scan finished
19:13:47.0062 0x1048  ============================================================
19:13:47.0082 0x16f8  Detected object count: 1
19:13:47.0082 0x16f8  Actual detected object count: 1
19:14:03.0558 0x16f8  C:\windows\System32\Drivers\6ab48a75c5156135.sys - copied to quarantine
19:14:03.0568 0x16f8  HKLM\SYSTEM\ControlSet001\services\6ab48a75c5156135 - will be deleted on reboot
19:14:03.0588 0x16f8  HKLM\SYSTEM\ControlSet002\services\6ab48a75c5156135 - will be deleted on reboot
19:14:03.0748 0x16f8  C:\windows\System32\Drivers\6ab48a75c5156135.sys - will be deleted on reboot
19:14:03.0748 0x16f8  6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
19:14:03.0818 0x16f8  KLMD registered as C:\windows\system32\drivers\21478227.sys
19:14:09.0197 0x051c  Deinitialize success
         
__________________


Alt 09.01.2015, 19:22   #18
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo Schrauber,

und hier das 2. Log
Code:
ATTFilter
19:18:09.0421 0x0624  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
19:18:10.0341 0x0624  ============================================================
19:18:10.0341 0x0624  Current date / time: 2015/01/09 19:18:10.0341
19:18:10.0341 0x0624  SystemInfo:
19:18:10.0341 0x0624  
19:18:10.0341 0x0624  OS Version: 6.1.7601 ServicePack: 1.0
19:18:10.0341 0x0624  Product type: Workstation
19:18:10.0341 0x0624  ComputerName: LUISE-PC
19:18:10.0341 0x0624  UserName: Luise
19:18:10.0341 0x0624  Windows directory: C:\windows
19:18:10.0341 0x0624  System windows directory: C:\windows
19:18:10.0341 0x0624  Running under WOW64
19:18:10.0341 0x0624  Processor architecture: Intel x64
19:18:10.0341 0x0624  Number of processors: 2
19:18:10.0341 0x0624  Page size: 0x1000
19:18:10.0341 0x0624  Boot type: Normal boot
19:18:10.0341 0x0624  ============================================================
19:18:10.0341 0x0624  BG loaded
19:18:12.0305 0x0624  System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
19:18:13.0562 0x0624  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:18:13.0578 0x0624  ============================================================
19:18:13.0578 0x0624  \Device\Harddisk0\DR0:
19:18:13.0578 0x0624  MBR partitions:
19:18:13.0578 0x0624  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:18:13.0578 0x0624  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
19:18:13.0671 0x0624  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
19:18:13.0671 0x0624  ============================================================
19:18:13.0937 0x0624  C: <-> \Device\Harddisk0\DR0\Partition2
19:18:14.0061 0x0624  D: <-> \Device\Harddisk0\DR0\Partition3
19:18:14.0061 0x0624  ============================================================
19:18:14.0061 0x0624  Initialize success
19:18:14.0061 0x0624  ============================================================
         
VG Mirko
__________________

Alt 09.01.2015, 20:48   #19
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



TDSSKiller nochmal scannen lassen, Log posten.


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.01.2015, 08:34   #20
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Guten morgen Schrauber anbei der Report von TDSSKILLER
Code:
ATTFilter
08:31:16.0055 0x0188  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
08:31:19.0360 0x0188  ============================================================
08:31:19.0360 0x0188  Current date / time: 2015/01/10 08:31:19.0360
08:31:19.0360 0x0188  SystemInfo:
08:31:19.0360 0x0188  
08:31:19.0360 0x0188  OS Version: 6.1.7601 ServicePack: 1.0
08:31:19.0360 0x0188  Product type: Workstation
08:31:19.0360 0x0188  ComputerName: LUISE-PC
08:31:19.0360 0x0188  UserName: Luise
08:31:19.0360 0x0188  Windows directory: C:\windows
08:31:19.0360 0x0188  System windows directory: C:\windows
08:31:19.0360 0x0188  Running under WOW64
08:31:19.0360 0x0188  Processor architecture: Intel x64
08:31:19.0360 0x0188  Number of processors: 2
08:31:19.0360 0x0188  Page size: 0x1000
08:31:19.0360 0x0188  Boot type: Normal boot
08:31:19.0360 0x0188  ============================================================
08:31:19.0370 0x0188  BG loaded
08:31:19.0871 0x0188  System UUID: {7BD9FA72-A16F-1D8E-AD5B-E597C14D28EC}
08:31:20.0884 0x0188  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:20.0894 0x0188  ============================================================
08:31:20.0894 0x0188  \Device\Harddisk0\DR0:
08:31:20.0894 0x0188  MBR partitions:
08:31:20.0894 0x0188  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:31:20.0894 0x0188  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
08:31:20.0914 0x0188  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x212C6000
08:31:20.0914 0x0188  ============================================================
08:31:20.0934 0x0188  C: <-> \Device\Harddisk0\DR0\Partition2
08:31:21.0004 0x0188  D: <-> \Device\Harddisk0\DR0\Partition3
08:31:21.0004 0x0188  ============================================================
08:31:21.0004 0x0188  Initialize success
08:31:21.0004 0x0188  ============================================================
08:31:30.0374 0x0d10  ============================================================
08:31:30.0374 0x0d10  Scan started
08:31:30.0374 0x0d10  Mode: Manual; SigCheck; TDLFS; 
08:31:30.0374 0x0d10  ============================================================
08:31:30.0374 0x0d10  KSN ping started
08:31:32.0979 0x0d10  KSN ping finished: true
08:31:33.0799 0x0d10  ================ Scan system memory ========================
08:31:33.0799 0x0d10  System memory - ok
08:31:33.0799 0x0d10  ================ Scan services =============================
08:31:33.0979 0x0d10  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
08:31:34.0129 0x0d10  1394ohci - ok
08:31:34.0189 0x0d10  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
08:31:34.0239 0x0d10  ACPI - ok
08:31:34.0259 0x0d10  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
08:31:34.0299 0x0d10  AcpiPmi - ok
08:31:34.0439 0x0d10  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:31:34.0479 0x0d10  AdobeFlashPlayerUpdateSvc - ok
08:31:34.0539 0x0d10  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
08:31:34.0589 0x0d10  adp94xx - ok
08:31:34.0639 0x0d10  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
08:31:34.0679 0x0d10  adpahci - ok
08:31:34.0719 0x0d10  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
08:31:34.0749 0x0d10  adpu320 - ok
08:31:34.0789 0x0d10  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
08:31:34.0879 0x0d10  AeLookupSvc - ok
08:31:34.0969 0x0d10  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
08:31:35.0029 0x0d10  AFD - ok
08:31:35.0059 0x0d10  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
08:31:35.0089 0x0d10  agp440 - ok
08:31:35.0129 0x0d10  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
08:31:35.0159 0x0d10  ALG - ok
08:31:35.0209 0x0d10  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
08:31:35.0229 0x0d10  aliide - ok
08:31:35.0249 0x0d10  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
08:31:35.0269 0x0d10  amdide - ok
08:31:35.0299 0x0d10  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
08:31:35.0329 0x0d10  AmdK8 - ok
08:31:35.0339 0x0d10  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
08:31:35.0369 0x0d10  AmdPPM - ok
08:31:35.0409 0x0d10  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
08:31:35.0439 0x0d10  amdsata - ok
08:31:35.0479 0x0d10  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
08:31:35.0509 0x0d10  amdsbs - ok
08:31:35.0519 0x0d10  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
08:31:35.0539 0x0d10  amdxata - ok
08:31:35.0589 0x0d10  [ 48CD7E6520D47D62EAB0E6CE3EC30C65, D5E6206081202A005888F6F576DDE37C1EE973D7FD155B6C41C7BFE07DEE61F8 ] Andbus          C:\windows\system32\DRIVERS\lgandbus64.sys
08:31:35.0619 0x0d10  Andbus - ok
08:31:35.0649 0x0d10  [ 08CBACC00D15DCDBBAAE1A7C8F231C61, E713CA0A7A1DC50408004523FC91149CB99AF443E511D00899244AA7C5D1E0EC ] AndDiag         C:\windows\system32\DRIVERS\lganddiag64.sys
08:31:35.0669 0x0d10  AndDiag - ok
08:31:35.0689 0x0d10  [ CEA9A4CD6B3A83428CE8501240833668, B382AD9E0D5CBB057D64C505A6E1A1A1C3769C83981C60F4EDF966D7BB13A459 ] AndGps          C:\windows\system32\DRIVERS\lgandgps64.sys
08:31:35.0719 0x0d10  AndGps - ok
08:31:35.0729 0x0d10  [ E2B5663E547FA5E756B253EFA8EC8286, 78FC406BF15615A6BA9AF9CDC49AC0B8EE7F54628BDB1B1FF8596AB2C65E5925 ] ANDModem        C:\windows\system32\DRIVERS\lgandmodem64.sys
08:31:35.0759 0x0d10  ANDModem - ok
08:31:35.0909 0x0d10  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:31:35.0969 0x0d10  AntiVirSchedulerService - ok
08:31:36.0041 0x0d10  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:31:36.0088 0x0d10  AntiVirService - ok
08:31:36.0183 0x0d10  [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
08:31:36.0253 0x0d10  AntiVirWebService - ok
08:31:36.0283 0x0d10  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
08:31:36.0363 0x0d10  AppID - ok
08:31:36.0383 0x0d10  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
08:31:36.0463 0x0d10  AppIDSvc - ok
08:31:36.0503 0x0d10  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
08:31:36.0533 0x0d10  Appinfo - ok
08:31:36.0593 0x0d10  [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:31:36.0623 0x0d10  Apple Mobile Device - ok
08:31:36.0683 0x0d10  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
08:31:36.0703 0x0d10  arc - ok
08:31:36.0733 0x0d10  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
08:31:36.0763 0x0d10  arcsas - ok
08:31:36.0913 0x0d10  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:31:36.0943 0x0d10  aspnet_state - ok
08:31:36.0973 0x0d10  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
08:31:37.0053 0x0d10  AsyncMac - ok
08:31:37.0083 0x0d10  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
08:31:37.0103 0x0d10  atapi - ok
08:31:37.0123 0x0d10  AthBTPort - ok
08:31:37.0313 0x0d10  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
08:31:37.0523 0x0d10  athr - ok
08:31:37.0623 0x0d10  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
08:31:37.0743 0x0d10  AudioEndpointBuilder - ok
08:31:37.0793 0x0d10  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
08:31:37.0903 0x0d10  AudioSrv - ok
08:31:38.0001 0x0d10  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
08:31:38.0061 0x0d10  avgntflt - ok
08:31:38.0121 0x0d10  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
08:31:38.0161 0x0d10  avipbb - ok
08:31:38.0191 0x0d10  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
08:31:38.0221 0x0d10  avkmgr - ok
08:31:38.0261 0x0d10  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
08:31:38.0321 0x0d10  AxInstSV - ok
08:31:38.0391 0x0d10  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
08:31:38.0451 0x0d10  b06bdrv - ok
08:31:38.0491 0x0d10  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
08:31:38.0541 0x0d10  b57nd60a - ok
08:31:38.0611 0x0d10  [ 93EE7D9C35AE7E9FFDA148D7805F1421, 9D88D5CC08F887B35A893FEC80D8CC4A9E4EAAF533E27D0F1B9CC36C171C92DA ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:31:38.0651 0x0d10  BBSvc - ok
08:31:38.0691 0x0d10  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
08:31:38.0731 0x0d10  BDESVC - ok
08:31:38.0761 0x0d10  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
08:31:38.0851 0x0d10  Beep - ok
08:31:38.0931 0x0d10  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
08:31:39.0021 0x0d10  BFE - ok
08:31:39.0101 0x0d10  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
08:31:39.0231 0x0d10  BITS - ok
08:31:39.0261 0x0d10  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
08:31:39.0291 0x0d10  blbdrive - ok
08:31:39.0371 0x0d10  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:31:39.0431 0x0d10  Bonjour Service - ok
08:31:39.0481 0x0d10  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
08:31:39.0531 0x0d10  bowser - ok
08:31:39.0561 0x0d10  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
08:31:39.0601 0x0d10  BrFiltLo - ok
08:31:39.0611 0x0d10  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
08:31:39.0641 0x0d10  BrFiltUp - ok
08:31:39.0651 0x0d10  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
08:31:39.0731 0x0d10  BridgeMP - ok
08:31:39.0781 0x0d10  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
08:31:39.0821 0x0d10  Browser - ok
08:31:39.0861 0x0d10  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
08:31:39.0921 0x0d10  Brserid - ok
08:31:39.0931 0x0d10  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
08:31:39.0971 0x0d10  BrSerWdm - ok
08:31:39.0981 0x0d10  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
08:31:40.0021 0x0d10  BrUsbMdm - ok
08:31:40.0041 0x0d10  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
08:31:40.0071 0x0d10  BrUsbSer - ok
08:31:40.0081 0x0d10  BTATH_A2DP - ok
08:31:40.0091 0x0d10  btath_avdt - ok
08:31:40.0091 0x0d10  BTATH_BUS - ok
08:31:40.0111 0x0d10  BTATH_HCRP - ok
08:31:40.0141 0x0d10  BTATH_LWFLT - ok
08:31:40.0161 0x0d10  BTATH_RCP - ok
08:31:40.0171 0x0d10  BtFilter - ok
08:31:40.0211 0x0d10  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
08:31:40.0251 0x0d10  BthEnum - ok
08:31:40.0261 0x0d10  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
08:31:40.0301 0x0d10  BTHMODEM - ok
08:31:40.0331 0x0d10  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
08:31:40.0381 0x0d10  BthPan - ok
08:31:40.0461 0x0d10  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
08:31:40.0551 0x0d10  BTHPORT - ok
08:31:40.0591 0x0d10  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
08:31:40.0681 0x0d10  bthserv - ok
08:31:40.0721 0x0d10  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
08:31:40.0751 0x0d10  BTHUSB - ok
08:31:40.0801 0x0d10  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
08:31:40.0881 0x0d10  cdfs - ok
08:31:40.0911 0x0d10  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
08:31:40.0951 0x0d10  cdrom - ok
08:31:41.0001 0x0d10  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
08:31:41.0071 0x0d10  CertPropSvc - ok
08:31:41.0101 0x0d10  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
08:31:41.0131 0x0d10  circlass - ok
08:31:41.0171 0x0d10  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
08:31:41.0211 0x0d10  CLFS - ok
08:31:41.0251 0x0d10  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:31:41.0281 0x0d10  clr_optimization_v2.0.50727_32 - ok
08:31:41.0321 0x0d10  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:31:41.0351 0x0d10  clr_optimization_v2.0.50727_64 - ok
08:31:41.0461 0x0d10  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:31:41.0501 0x0d10  clr_optimization_v4.0.30319_32 - ok
08:31:41.0531 0x0d10  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:31:41.0561 0x0d10  clr_optimization_v4.0.30319_64 - ok
08:31:41.0591 0x0d10  [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
08:31:41.0611 0x0d10  clwvd - ok
08:31:41.0641 0x0d10  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
08:31:41.0671 0x0d10  CmBatt - ok
08:31:41.0701 0x0d10  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
08:31:41.0721 0x0d10  cmdide - ok
08:31:41.0771 0x0d10  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
08:31:41.0831 0x0d10  CNG - ok
08:31:41.0871 0x0d10  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
08:31:41.0891 0x0d10  Compbatt - ok
08:31:41.0911 0x0d10  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
08:31:41.0951 0x0d10  CompositeBus - ok
08:31:41.0961 0x0d10  COMSysApp - ok
08:31:41.0991 0x0d10  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
08:31:42.0021 0x0d10  crcdisk - ok
08:31:42.0101 0x0d10  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
08:31:42.0151 0x0d10  CryptSvc - ok
08:31:42.0303 0x0d10  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:31:42.0373 0x0d10  cvhsvc - ok
08:31:42.0423 0x0d10  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
08:31:42.0533 0x0d10  DcomLaunch - ok
08:31:42.0593 0x0d10  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
08:31:42.0693 0x0d10  defragsvc - ok
08:31:42.0723 0x0d10  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
08:31:42.0803 0x0d10  DfsC - ok
08:31:42.0863 0x0d10  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
08:31:42.0913 0x0d10  Dhcp - ok
08:31:42.0943 0x0d10  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
08:31:43.0024 0x0d10  discache - ok
08:31:43.0084 0x0d10  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
08:31:43.0114 0x0d10  Disk - ok
08:31:43.0154 0x0d10  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
08:31:43.0204 0x0d10  Dnscache - ok
08:31:43.0244 0x0d10  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
08:31:43.0344 0x0d10  dot3svc - ok
08:31:43.0374 0x0d10  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
08:31:43.0454 0x0d10  DPS - ok
08:31:43.0484 0x0d10  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
08:31:43.0504 0x0d10  drmkaud - ok
08:31:43.0594 0x0d10  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
08:31:43.0674 0x0d10  DXGKrnl - ok
08:31:43.0724 0x0d10  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
08:31:43.0804 0x0d10  EapHost - ok
08:31:44.0014 0x0d10  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
08:31:44.0284 0x0d10  ebdrv - ok
08:31:44.0344 0x0d10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\windows\System32\lsass.exe
08:31:44.0374 0x0d10  EFS - ok
08:31:44.0464 0x0d10  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
08:31:44.0544 0x0d10  ehRecvr - ok
08:31:44.0564 0x0d10  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
08:31:44.0594 0x0d10  ehSched - ok
08:31:44.0684 0x0d10  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
08:31:44.0744 0x0d10  elxstor - ok
08:31:44.0754 0x0d10  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
08:31:44.0784 0x0d10  ErrDev - ok
08:31:44.0854 0x0d10  [ FD621C77B762BF1E5BB1887F02B515DF, 341FD5E708F08A3617FBCB6381DBCC809C66DDD3FFED3256356F4229AE5A3388 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
08:31:44.0894 0x0d10  ETD - ok
08:31:44.0954 0x0d10  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
08:31:45.0064 0x0d10  EventSystem - ok
08:31:45.0084 0x0d10  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
08:31:45.0174 0x0d10  exfat - ok
08:31:45.0194 0x0d10  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
08:31:45.0284 0x0d10  fastfat - ok
08:31:45.0354 0x0d10  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
08:31:45.0424 0x0d10  Fax - ok
08:31:45.0454 0x0d10  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
08:31:45.0484 0x0d10  fdc - ok
08:31:45.0514 0x0d10  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
08:31:45.0594 0x0d10  fdPHost - ok
08:31:45.0604 0x0d10  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
08:31:45.0684 0x0d10  FDResPub - ok
08:31:45.0704 0x0d10  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
08:31:45.0734 0x0d10  FileInfo - ok
08:31:45.0764 0x0d10  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
08:31:45.0854 0x0d10  Filetrace - ok
08:31:45.0874 0x0d10  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
08:31:45.0904 0x0d10  flpydisk - ok
08:31:45.0944 0x0d10  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
08:31:45.0984 0x0d10  FltMgr - ok
08:31:46.0094 0x0d10  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
08:31:46.0224 0x0d10  FontCache - ok
08:31:46.0274 0x0d10  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:31:46.0304 0x0d10  FontCache3.0.0.0 - ok
08:31:46.0334 0x0d10  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
08:31:46.0364 0x0d10  FsDepends - ok
08:31:46.0394 0x0d10  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
08:31:46.0424 0x0d10  Fs_Rec - ok
08:31:46.0474 0x0d10  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
08:31:46.0524 0x0d10  fvevol - ok
08:31:46.0564 0x0d10  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
08:31:46.0584 0x0d10  gagp30kx - ok
08:31:46.0654 0x0d10  [ 521A469CAF61F00E1DE081CC2099C1D6, 5BF39C9797A28674203D5C3D5D942978B9C66F658A43D7696B4BE3E8A7880EB9 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
08:31:46.0684 0x0d10  GameConsoleService - ok
08:31:46.0734 0x0d10  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
08:31:46.0754 0x0d10  GEARAspiWDM - ok
08:31:46.0844 0x0d10  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
08:31:46.0974 0x0d10  gpsvc - ok
08:31:47.0084 0x0d10  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:31:47.0104 0x0d10  gupdate - ok
08:31:47.0124 0x0d10  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:31:47.0144 0x0d10  gupdatem - ok
08:31:47.0194 0x0d10  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:31:47.0224 0x0d10  gusvc - ok
08:31:47.0254 0x0d10  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
08:31:47.0284 0x0d10  hcw85cir - ok
08:31:47.0324 0x0d10  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
08:31:47.0394 0x0d10  HdAudAddService - ok
08:31:47.0424 0x0d10  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
08:31:47.0474 0x0d10  HDAudBus - ok
08:31:47.0504 0x0d10  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
08:31:47.0534 0x0d10  HidBatt - ok
08:31:47.0544 0x0d10  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
08:31:47.0574 0x0d10  HidBth - ok
08:31:47.0594 0x0d10  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
08:31:47.0625 0x0d10  HidIr - ok
08:31:47.0655 0x0d10  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
08:31:47.0735 0x0d10  hidserv - ok
08:31:47.0785 0x0d10  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
08:31:47.0825 0x0d10  HidUsb - ok
08:31:47.0855 0x0d10  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
08:31:47.0955 0x0d10  hkmsvc - ok
08:31:47.0978 0x0d10  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
08:31:48.0028 0x0d10  HomeGroupListener - ok
08:31:48.0068 0x0d10  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
08:31:48.0108 0x0d10  HomeGroupProvider - ok
08:31:48.0148 0x0d10  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
08:31:48.0168 0x0d10  HpSAMD - ok
08:31:48.0228 0x0d10  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
08:31:48.0358 0x0d10  HTTP - ok
08:31:48.0388 0x0d10  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
08:31:48.0418 0x0d10  hwpolicy - ok
08:31:48.0448 0x0d10  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
08:31:48.0488 0x0d10  i8042prt - ok
08:31:48.0578 0x0d10  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
08:31:48.0628 0x0d10  iaStor - ok
08:31:48.0688 0x0d10  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
08:31:48.0728 0x0d10  iaStorV - ok
08:31:48.0828 0x0d10  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:31:48.0898 0x0d10  idsvc - ok
08:31:48.0938 0x0d10  IEEtwCollectorService - ok
08:31:49.0670 0x0d10  [ 8CB8667F5A3B5515F2585F3254F3AAF7, 068E3E513AFF0ADAAB5EB5C019F13DD6D0BF4E8D69B98CFFCBA0368E04674CA8 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
08:31:50.0610 0x0d10  igfx - ok
08:31:50.0690 0x0d10  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
08:31:50.0720 0x0d10  iirsp - ok
08:31:50.0810 0x0d10  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
08:31:50.0890 0x0d10  IKEEXT - ok
08:31:51.0110 0x0d10  [ 8E05ADB4B809B478B2EC65A1A1633DEB, E5404FD4D2A7EAADA0FA8BB5ABC3AEEE36CACBC3D765C3B101FC6BE7EEE81EA8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
08:31:51.0300 0x0d10  IntcAzAudAddService - ok
08:31:51.0360 0x0d10  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
08:31:51.0420 0x0d10  IntcDAud - ok
08:31:51.0440 0x0d10  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
08:31:51.0470 0x0d10  intelide - ok
08:31:51.0520 0x0d10  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
08:31:51.0570 0x0d10  intelppm - ok
08:31:51.0610 0x0d10  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
08:31:51.0700 0x0d10  IPBusEnum - ok
08:31:51.0720 0x0d10  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
08:31:51.0810 0x0d10  IpFilterDriver - ok
08:31:51.0890 0x0d10  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
08:31:51.0950 0x0d10  iphlpsvc - ok
08:31:51.0980 0x0d10  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
08:31:52.0020 0x0d10  IPMIDRV - ok
08:31:52.0060 0x0d10  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
08:31:52.0140 0x0d10  IPNAT - ok
08:31:52.0200 0x0d10  [ 0F261EC4F514926177C70C1832374231, 7E61B89FE2651C0C7951E10454267174550677DEAB1C497571A9B0B583687304 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:31:52.0250 0x0d10  iPod Service - ok
08:31:52.0270 0x0d10  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
08:31:52.0310 0x0d10  IRENUM - ok
08:31:52.0331 0x0d10  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
08:31:52.0352 0x0d10  isapnp - ok
08:31:52.0392 0x0d10  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
08:31:52.0422 0x0d10  iScsiPrt - ok
08:31:52.0452 0x0d10  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
08:31:52.0472 0x0d10  kbdclass - ok
08:31:52.0502 0x0d10  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
08:31:52.0532 0x0d10  kbdhid - ok
08:31:52.0542 0x0d10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\windows\system32\lsass.exe
08:31:52.0572 0x0d10  KeyIso - ok
08:31:52.0612 0x0d10  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
08:31:52.0632 0x0d10  KSecDD - ok
08:31:52.0662 0x0d10  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
08:31:52.0692 0x0d10  KSecPkg - ok
08:31:52.0722 0x0d10  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
08:31:52.0802 0x0d10  ksthunk - ok
08:31:52.0842 0x0d10  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
08:31:52.0942 0x0d10  KtmRm - ok
08:31:52.0992 0x0d10  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
08:31:53.0084 0x0d10  LanmanServer - ok
08:31:53.0114 0x0d10  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
08:31:53.0194 0x0d10  LanmanWorkstation - ok
08:31:53.0224 0x0d10  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
08:31:53.0294 0x0d10  lltdio - ok
08:31:53.0334 0x0d10  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
08:31:53.0434 0x0d10  lltdsvc - ok
08:31:53.0464 0x0d10  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
08:31:53.0534 0x0d10  lmhosts - ok
08:31:53.0614 0x0d10  [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:31:53.0664 0x0d10  LMS - ok
08:31:53.0704 0x0d10  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
08:31:53.0724 0x0d10  LSI_FC - ok
08:31:53.0754 0x0d10  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
08:31:53.0774 0x0d10  LSI_SAS - ok
08:31:53.0794 0x0d10  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
08:31:53.0824 0x0d10  LSI_SAS2 - ok
08:31:53.0854 0x0d10  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
08:31:53.0874 0x0d10  LSI_SCSI - ok
08:31:53.0904 0x0d10  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
08:31:53.0994 0x0d10  luafv - ok
08:31:54.0024 0x0d10  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
08:31:54.0054 0x0d10  Mcx2Svc - ok
08:31:54.0094 0x0d10  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
08:31:54.0114 0x0d10  megasas - ok
08:31:54.0154 0x0d10  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
08:31:54.0194 0x0d10  MegaSR - ok
08:31:54.0224 0x0d10  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
08:31:54.0254 0x0d10  MEIx64 - ok
08:31:54.0274 0x0d10  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
08:31:54.0364 0x0d10  MMCSS - ok
08:31:54.0376 0x0d10  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
08:31:54.0456 0x0d10  Modem - ok
08:31:54.0486 0x0d10  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
08:31:54.0516 0x0d10  monitor - ok
08:31:54.0546 0x0d10  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
08:31:54.0566 0x0d10  mouclass - ok
08:31:54.0586 0x0d10  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
08:31:54.0606 0x0d10  mouhid - ok
08:31:54.0636 0x0d10  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
08:31:54.0666 0x0d10  mountmgr - ok
08:31:54.0696 0x0d10  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
08:31:54.0726 0x0d10  mpio - ok
08:31:54.0756 0x0d10  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
08:31:54.0836 0x0d10  mpsdrv - ok
08:31:54.0896 0x0d10  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
08:31:55.0028 0x0d10  MpsSvc - ok
08:31:55.0068 0x0d10  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
08:31:55.0118 0x0d10  MRxDAV - ok
08:31:55.0148 0x0d10  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
08:31:55.0188 0x0d10  mrxsmb - ok
08:31:55.0208 0x0d10  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
08:31:55.0258 0x0d10  mrxsmb10 - ok
08:31:55.0268 0x0d10  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
08:31:55.0298 0x0d10  mrxsmb20 - ok
08:31:55.0328 0x0d10  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
08:31:55.0348 0x0d10  msahci - ok
08:31:55.0388 0x0d10  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
08:31:55.0418 0x0d10  msdsm - ok
08:31:55.0448 0x0d10  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
08:31:55.0478 0x0d10  MSDTC - ok
08:31:55.0528 0x0d10  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
08:31:55.0618 0x0d10  Msfs - ok
08:31:55.0628 0x0d10  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
08:31:55.0708 0x0d10  mshidkmdf - ok
08:31:55.0738 0x0d10  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
08:31:55.0758 0x0d10  msisadrv - ok
08:31:55.0788 0x0d10  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
08:31:55.0878 0x0d10  MSiSCSI - ok
08:31:55.0888 0x0d10  msiserver - ok
08:31:55.0918 0x0d10  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
08:31:55.0988 0x0d10  MSKSSRV - ok
08:31:55.0998 0x0d10  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
08:31:56.0078 0x0d10  MSPCLOCK - ok
08:31:56.0088 0x0d10  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
08:31:56.0158 0x0d10  MSPQM - ok
08:31:56.0198 0x0d10  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
08:31:56.0238 0x0d10  MsRPC - ok
08:31:56.0258 0x0d10  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
08:31:56.0288 0x0d10  mssmbios - ok
08:31:56.0298 0x0d10  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
08:31:56.0383 0x0d10  MSTEE - ok
08:31:56.0394 0x0d10  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
08:31:56.0420 0x0d10  MTConfig - ok
08:31:56.0450 0x0d10  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
08:31:56.0470 0x0d10  Mup - ok
08:31:56.0520 0x0d10  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
08:31:56.0630 0x0d10  napagent - ok
08:31:56.0690 0x0d10  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
08:31:56.0750 0x0d10  NativeWifiP - ok
08:31:56.0840 0x0d10  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
08:31:56.0920 0x0d10  NDIS - ok
08:31:56.0970 0x0d10  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
08:31:57.0060 0x0d10  NdisCap - ok
08:31:57.0090 0x0d10  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
08:31:57.0160 0x0d10  NdisTapi - ok
08:31:57.0180 0x0d10  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
08:31:57.0260 0x0d10  Ndisuio - ok
08:31:57.0280 0x0d10  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
08:31:57.0360 0x0d10  NdisWan - ok
08:31:57.0380 0x0d10  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
08:31:57.0460 0x0d10  NDProxy - ok
08:31:57.0590 0x0d10  [ 87C61A17E908AEF1C63FBAF915C0B452, 75B41D36CC82A7B770B32C8309258C61A705E6F7C12E61404125F76D81BE344E ] NeroMediaHomeService.4 C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
08:31:57.0640 0x0d10  NeroMediaHomeService.4 - ok
08:31:57.0650 0x0d10  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
08:31:57.0730 0x0d10  NetBIOS - ok
08:31:57.0760 0x0d10  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
08:31:57.0850 0x0d10  NetBT - ok
08:31:57.0880 0x0d10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\windows\system32\lsass.exe
08:31:57.0900 0x0d10  Netlogon - ok
08:31:57.0950 0x0d10  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
08:31:58.0066 0x0d10  Netman - ok
08:31:58.0122 0x0d10  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0162 0x0d10  NetMsmqActivator - ok
08:31:58.0172 0x0d10  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0212 0x0d10  NetPipeActivator - ok
08:31:58.0264 0x0d10  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
08:31:58.0374 0x0d10  netprofm - ok
08:31:58.0414 0x0d10  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0444 0x0d10  NetTcpActivator - ok
08:31:58.0454 0x0d10  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:58.0494 0x0d10  NetTcpPortSharing - ok
08:31:59.0215 0x0d10  [ B51E9AD4F4E4F8DBE0AB882756BC5DAB, 74E975F3BF39B360C466A0CEEEF545D1B814EE1AEFF6B2FCDD81A33FA276FBF3 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
08:32:00.0025 0x0d10  NETwNs64 - ok
08:32:00.0095 0x0d10  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
08:32:00.0125 0x0d10  nfrd960 - ok
08:32:00.0165 0x0d10  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
08:32:00.0215 0x0d10  NlaSvc - ok
08:32:00.0435 0x0d10  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
08:32:00.0627 0x0d10  NOBU - ok
08:32:00.0677 0x0d10  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
08:32:00.0747 0x0d10  Npfs - ok
08:32:00.0787 0x0d10  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
08:32:00.0867 0x0d10  nsi - ok
08:32:00.0897 0x0d10  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
08:32:00.0967 0x0d10  nsiproxy - ok
08:32:01.0127 0x0d10  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
08:32:01.0247 0x0d10  Ntfs - ok
08:32:01.0277 0x0d10  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
08:32:01.0347 0x0d10  Null - ok
08:32:02.0157 0x0d10  [ 70E89A21827B2669AF906B703C7C48B5, 0049482148124600287D03716497D8E31A42EF39D63EF62EB8CC4A16EE795885 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
08:32:02.0957 0x0d10  nvlddmkm - ok
08:32:03.0007 0x0d10  [ 4B9C0C2BF78289513101EB0D44834701, 4F1BE9507C067A2F5E6F1EB43B7C99EAF9E09445A48E884E90076F73ED8F52A8 ] nvpciflt        C:\windows\system32\DRIVERS\nvpciflt.sys
08:32:03.0017 0x0d10  nvpciflt - ok
08:32:03.0057 0x0d10  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
08:32:03.0110 0x0d10  nvraid - ok
08:32:03.0170 0x0d10  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
08:32:03.0210 0x0d10  nvstor - ok
08:32:03.0300 0x0d10  [ E04FCE1D149CF05C3449E3171F9C3E41, 6BDD089B5A0C03CE1E9F63275AE35B8B66185B3E81DFF97F59423B9C35BEEBA7 ] NVSvc           C:\windows\system32\nvvsvc.exe
08:32:03.0390 0x0d10  NVSvc - ok
08:32:03.0550 0x0d10  [ D96DDEA6C699A99832E0186057801971, 374BB617335CC243F903447194B7EFC63222FD163BB9FA8C87616715C5120BF0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:32:03.0700 0x0d10  nvUpdatusService - ok
08:32:03.0740 0x0d10  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
08:32:03.0780 0x0d10  nv_agp - ok
08:32:03.0790 0x0d10  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
08:32:03.0820 0x0d10  ohci1394 - ok
08:32:03.0850 0x0d10  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:03.0890 0x0d10  ose - ok
08:32:04.0230 0x0d10  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:32:04.0660 0x0d10  osppsvc - ok
08:32:04.0730 0x0d10  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
08:32:04.0810 0x0d10  p2pimsvc - ok
08:32:04.0854 0x0d10  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
08:32:04.0902 0x0d10  p2psvc - ok
08:32:04.0942 0x0d10  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
08:32:04.0972 0x0d10  Parport - ok
08:32:05.0002 0x0d10  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
08:32:05.0032 0x0d10  partmgr - ok
08:32:05.0062 0x0d10  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
08:32:05.0112 0x0d10  PcaSvc - ok
08:32:05.0152 0x0d10  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
08:32:05.0192 0x0d10  pci - ok
08:32:05.0222 0x0d10  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
08:32:05.0242 0x0d10  pciide - ok
08:32:05.0282 0x0d10  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
08:32:05.0312 0x0d10  pcmcia - ok
08:32:05.0332 0x0d10  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
08:32:05.0352 0x0d10  pcw - ok
08:32:05.0392 0x0d10  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
08:32:05.0512 0x0d10  PEAUTH - ok
08:32:05.0602 0x0d10  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
08:32:05.0632 0x0d10  PerfHost - ok
08:32:05.0742 0x0d10  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
08:32:05.0912 0x0d10  pla - ok
08:32:05.0982 0x0d10  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
08:32:06.0042 0x0d10  PlugPlay - ok
08:32:06.0072 0x0d10  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
08:32:06.0112 0x0d10  PNRPAutoReg - ok
08:32:06.0152 0x0d10  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
08:32:06.0202 0x0d10  PNRPsvc - ok
08:32:06.0252 0x0d10  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
08:32:06.0362 0x0d10  PolicyAgent - ok
08:32:06.0392 0x0d10  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
08:32:06.0482 0x0d10  Power - ok
08:32:06.0512 0x0d10  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
08:32:06.0582 0x0d10  PptpMiniport - ok
08:32:06.0612 0x0d10  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
08:32:06.0632 0x0d10  Processor - ok
08:32:06.0672 0x0d10  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
08:32:06.0722 0x0d10  ProfSvc - ok
08:32:06.0742 0x0d10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
08:32:06.0782 0x0d10  ProtectedStorage - ok
08:32:06.0822 0x0d10  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
08:32:06.0902 0x0d10  Psched - ok
08:32:07.0012 0x0d10  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
08:32:07.0122 0x0d10  ql2300 - ok
08:32:07.0152 0x0d10  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
08:32:07.0182 0x0d10  ql40xx - ok
08:32:07.0232 0x0d10  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
08:32:07.0282 0x0d10  QWAVE - ok
08:32:07.0312 0x0d10  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
08:32:07.0342 0x0d10  QWAVEdrv - ok
08:32:07.0352 0x0d10  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
08:32:07.0422 0x0d10  RasAcd - ok
08:32:07.0462 0x0d10  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
08:32:07.0532 0x0d10  RasAgileVpn - ok
08:32:07.0552 0x0d10  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
08:32:07.0642 0x0d10  RasAuto - ok
08:32:07.0692 0x0d10  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
08:32:07.0782 0x0d10  Rasl2tp - ok
08:32:07.0832 0x0d10  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
08:32:07.0942 0x0d10  RasMan - ok
08:32:07.0972 0x0d10  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
08:32:08.0052 0x0d10  RasPppoe - ok
08:32:08.0082 0x0d10  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
08:32:08.0153 0x0d10  RasSstp - ok
08:32:08.0193 0x0d10  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
08:32:08.0283 0x0d10  rdbss - ok
08:32:08.0313 0x0d10  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
08:32:08.0343 0x0d10  rdpbus - ok
08:32:08.0363 0x0d10  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
08:32:08.0443 0x0d10  RDPCDD - ok
08:32:08.0463 0x0d10  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
08:32:08.0533 0x0d10  RDPENCDD - ok
08:32:08.0553 0x0d10  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
08:32:08.0623 0x0d10  RDPREFMP - ok
08:32:08.0663 0x0d10  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
08:32:08.0703 0x0d10  RDPWD - ok
08:32:08.0733 0x0d10  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
08:32:08.0773 0x0d10  rdyboost - ok
08:32:08.0803 0x0d10  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
08:32:08.0883 0x0d10  RemoteAccess - ok
08:32:08.0923 0x0d10  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
08:32:09.0013 0x0d10  RemoteRegistry - ok
08:32:09.0053 0x0d10  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
08:32:09.0093 0x0d10  RFCOMM - ok
08:32:09.0163 0x0d10  [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
08:32:09.0193 0x0d10  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
08:32:11.0883 0x0d10  Detect skipped due to KSN trusted
08:32:11.0883 0x0d10  RichVideo - ok
08:32:11.0943 0x0d10  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
08:32:12.0033 0x0d10  RpcEptMapper - ok
08:32:12.0053 0x0d10  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
08:32:12.0083 0x0d10  RpcLocator - ok
08:32:12.0123 0x0d10  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\system32\rpcss.dll
08:32:12.0233 0x0d10  RpcSs - ok
08:32:12.0273 0x0d10  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
08:32:12.0363 0x0d10  rspndr - ok
08:32:12.0433 0x0d10  [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
08:32:12.0483 0x0d10  RTL8167 - ok
08:32:12.0553 0x0d10  [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
08:32:12.0593 0x0d10  rtport - ok
08:32:12.0623 0x0d10  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\windows\system32\Drivers\SABI.sys
08:32:12.0663 0x0d10  SABI - ok
08:32:12.0673 0x0d10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\windows\system32\lsass.exe
08:32:12.0723 0x0d10  SamSs - ok
08:32:12.0763 0x0d10  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
08:32:12.0793 0x0d10  sbp2port - ok
08:32:12.0833 0x0d10  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
08:32:12.0933 0x0d10  SCardSvr - ok
08:32:12.0953 0x0d10  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
08:32:13.0023 0x0d10  scfilter - ok
08:32:13.0133 0x0d10  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
08:32:13.0285 0x0d10  Schedule - ok
08:32:13.0315 0x0d10  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
08:32:13.0385 0x0d10  SCPolicySvc - ok
08:32:13.0425 0x0d10  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
08:32:13.0465 0x0d10  SDRSVC - ok
08:32:13.0635 0x0d10  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
08:32:13.0745 0x0d10  SDScannerService - ok
08:32:13.0925 0x0d10  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
08:32:14.0065 0x0d10  SDUpdateService - ok
08:32:14.0115 0x0d10  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
08:32:14.0145 0x0d10  SDWSCService - ok
08:32:14.0205 0x0d10  [ CC781378E7EDA615D2CDCA3B17829FA4, 137BF83A2A3D69335AD031B8D73473526F782CB8917A34B3CD92F923E7660F2A ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:32:14.0245 0x0d10  SeaPort - ok
08:32:14.0295 0x0d10  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
08:32:14.0365 0x0d10  secdrv - ok
08:32:14.0395 0x0d10  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
08:32:14.0465 0x0d10  seclogon - ok
08:32:14.0485 0x0d10  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
08:32:14.0565 0x0d10  SENS - ok
08:32:14.0575 0x0d10  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
08:32:14.0595 0x0d10  SensrSvc - ok
08:32:14.0635 0x0d10  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
08:32:14.0665 0x0d10  Serenum - ok
08:32:14.0695 0x0d10  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
08:32:14.0735 0x0d10  Serial - ok
08:32:14.0765 0x0d10  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
08:32:14.0795 0x0d10  sermouse - ok
08:32:14.0835 0x0d10  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
08:32:14.0915 0x0d10  SessionEnv - ok
08:32:14.0925 0x0d10  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
08:32:14.0955 0x0d10  sffdisk - ok
08:32:14.0965 0x0d10  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
08:32:14.0995 0x0d10  sffp_mmc - ok
08:32:14.0995 0x0d10  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
08:32:15.0035 0x0d10  sffp_sd - ok
08:32:15.0035 0x0d10  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
08:32:15.0065 0x0d10  sfloppy - ok
08:32:15.0155 0x0d10  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
08:32:15.0227 0x0d10  Sftfs - ok
08:32:15.0327 0x0d10  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:32:15.0387 0x0d10  sftlist - ok
08:32:15.0417 0x0d10  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
08:32:15.0447 0x0d10  Sftplay - ok
08:32:15.0487 0x0d10  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
08:32:15.0507 0x0d10  Sftredir - ok
08:32:15.0537 0x0d10  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
08:32:15.0557 0x0d10  Sftvol - ok
08:32:15.0577 0x0d10  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:32:15.0617 0x0d10  sftvsa - ok
08:32:15.0647 0x0d10  [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv           C:\windows\system32\DRIVERS\SGdrv64.sys
08:32:15.0687 0x0d10  SGDrv - ok
08:32:15.0737 0x0d10  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
08:32:15.0847 0x0d10  SharedAccess - ok
08:32:15.0887 0x0d10  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:32:15.0987 0x0d10  ShellHWDetection - ok
08:32:16.0007 0x0d10  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
08:32:16.0037 0x0d10  SiSRaid2 - ok
08:32:16.0067 0x0d10  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
08:32:16.0107 0x0d10  SiSRaid4 - ok
08:32:16.0147 0x0d10  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
08:32:16.0197 0x0d10  SkypeUpdate - ok
08:32:16.0238 0x0d10  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
08:32:16.0309 0x0d10  Smb - ok
08:32:16.0359 0x0d10  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
08:32:16.0389 0x0d10  SNMPTRAP - ok
08:32:16.0419 0x0d10  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
08:32:16.0439 0x0d10  spldr - ok
08:32:16.0499 0x0d10  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
08:32:16.0569 0x0d10  Spooler - ok
08:32:16.0799 0x0d10  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
08:32:17.0159 0x0d10  sppsvc - ok
08:32:17.0189 0x0d10  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
08:32:17.0269 0x0d10  sppuinotify - ok
08:32:17.0319 0x0d10  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
08:32:17.0379 0x0d10  srv - ok
08:32:17.0419 0x0d10  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
08:32:17.0479 0x0d10  srv2 - ok
08:32:17.0499 0x0d10  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
08:32:17.0534 0x0d10  srvnet - ok
08:32:17.0571 0x0d10  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
08:32:17.0661 0x0d10  SSDPSRV - ok
08:32:17.0671 0x0d10  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
08:32:17.0751 0x0d10  SstpSvc - ok
08:32:17.0781 0x0d10  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
08:32:17.0801 0x0d10  stexstor - ok
08:32:17.0861 0x0d10  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
08:32:17.0941 0x0d10  stisvc - ok
08:32:17.0971 0x0d10  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
08:32:17.0991 0x0d10  swenum - ok
08:32:18.0041 0x0d10  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
08:32:18.0151 0x0d10  swprv - ok
08:32:18.0246 0x0d10  SWUpdateService - ok
08:32:18.0436 0x0d10  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
08:32:18.0646 0x0d10  SysMain - ok
08:32:18.0696 0x0d10  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
08:32:18.0746 0x0d10  TabletInputService - ok
08:32:18.0786 0x0d10  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
08:32:18.0886 0x0d10  TapiSrv - ok
08:32:18.0906 0x0d10  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
08:32:18.0986 0x0d10  TBS - ok
08:32:19.0156 0x0d10  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
08:32:19.0286 0x0d10  Tcpip - ok
08:32:19.0446 0x0d10  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
08:32:19.0576 0x0d10  TCPIP6 - ok
08:32:19.0626 0x0d10  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
08:32:19.0646 0x0d10  tcpipreg - ok
08:32:19.0676 0x0d10  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
08:32:19.0716 0x0d10  TDPIPE - ok
08:32:19.0736 0x0d10  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
08:32:19.0766 0x0d10  TDTCP - ok
08:32:19.0786 0x0d10  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
08:32:19.0866 0x0d10  tdx - ok
08:32:19.0906 0x0d10  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
08:32:19.0926 0x0d10  TermDD - ok
08:32:20.0006 0x0d10  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
08:32:20.0126 0x0d10  TermService - ok
08:32:20.0146 0x0d10  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
08:32:20.0196 0x0d10  Themes - ok
08:32:20.0219 0x0d10  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
08:32:20.0296 0x0d10  THREADORDER - ok
08:32:20.0316 0x0d10  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
08:32:20.0454 0x0d10  TrkWks - ok
08:32:20.0508 0x0d10  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
08:32:20.0598 0x0d10  TrustedInstaller - ok
08:32:20.0628 0x0d10  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
08:32:20.0658 0x0d10  tssecsrv - ok
08:32:20.0688 0x0d10  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
08:32:20.0728 0x0d10  TsUsbFlt - ok
08:32:20.0748 0x0d10  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
08:32:20.0768 0x0d10  TsUsbGD - ok
08:32:20.0808 0x0d10  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
08:32:20.0888 0x0d10  tunnel - ok
08:32:20.0908 0x0d10  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
08:32:20.0938 0x0d10  uagp35 - ok
08:32:20.0978 0x0d10  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
08:32:21.0078 0x0d10  udfs - ok
08:32:21.0118 0x0d10  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
08:32:21.0148 0x0d10  UI0Detect - ok
08:32:21.0198 0x0d10  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
08:32:21.0218 0x0d10  uliagpkx - ok
08:32:21.0238 0x0d10  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
08:32:21.0268 0x0d10  umbus - ok
08:32:21.0278 0x0d10  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
08:32:21.0298 0x0d10  UmPass - ok
08:32:21.0518 0x0d10  [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:32:21.0688 0x0d10  UNS - ok
08:32:21.0738 0x0d10  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
08:32:21.0838 0x0d10  upnphost - ok
08:32:21.0878 0x0d10  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
08:32:21.0908 0x0d10  USBAAPL64 - ok
08:32:21.0988 0x0d10  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
08:32:22.0028 0x0d10  usbaudio - ok
08:32:22.0068 0x0d10  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
08:32:22.0138 0x0d10  usbccgp - ok
08:32:22.0168 0x0d10  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
08:32:22.0218 0x0d10  usbcir - ok
08:32:22.0256 0x0d10  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
08:32:22.0280 0x0d10  usbehci - ok
08:32:22.0330 0x0d10  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
08:32:22.0380 0x0d10  usbhub - ok
08:32:22.0400 0x0d10  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
08:32:22.0430 0x0d10  usbohci - ok
08:32:22.0460 0x0d10  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
08:32:22.0490 0x0d10  usbprint - ok
08:32:22.0520 0x0d10  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
08:32:22.0580 0x0d10  usbscan - ok
08:32:22.0610 0x0d10  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
08:32:22.0640 0x0d10  USBSTOR - ok
08:32:22.0670 0x0d10  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
08:32:22.0700 0x0d10  usbuhci - ok
08:32:22.0750 0x0d10  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
08:32:22.0790 0x0d10  usbvideo - ok
08:32:22.0820 0x0d10  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
08:32:22.0900 0x0d10  UxSms - ok
08:32:22.0920 0x0d10  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\windows\system32\lsass.exe
08:32:22.0970 0x0d10  VaultSvc - ok
08:32:23.0020 0x0d10  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
08:32:23.0050 0x0d10  vdrvroot - ok
08:32:23.0100 0x0d10  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
08:32:23.0232 0x0d10  vds - ok
08:32:23.0282 0x0d10  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
08:32:23.0312 0x0d10  vga - ok
08:32:23.0332 0x0d10  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
08:32:23.0412 0x0d10  VgaSave - ok
08:32:23.0432 0x0d10  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
08:32:23.0482 0x0d10  vhdmp - ok
08:32:23.0502 0x0d10  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
08:32:23.0522 0x0d10  viaide - ok
08:32:23.0562 0x0d10  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
08:32:23.0602 0x0d10  volmgr - ok
08:32:23.0642 0x0d10  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
08:32:23.0682 0x0d10  volmgrx - ok
08:32:23.0732 0x0d10  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
08:32:23.0792 0x0d10  volsnap - ok
08:32:23.0852 0x0d10  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
08:32:23.0892 0x0d10  vsmraid - ok
08:32:24.0012 0x0d10  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
08:32:24.0202 0x0d10  VSS - ok
08:32:24.0232 0x0d10  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
08:32:24.0262 0x0d10  vwifibus - ok
08:32:24.0302 0x0d10  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
08:32:24.0332 0x0d10  vwififlt - ok
08:32:24.0352 0x0d10  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
08:32:24.0382 0x0d10  vwifimp - ok
08:32:24.0432 0x0d10  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
08:32:24.0542 0x0d10  W32Time - ok
08:32:24.0562 0x0d10  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
08:32:24.0592 0x0d10  WacomPen - ok
08:32:24.0622 0x0d10  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
08:32:24.0702 0x0d10  WANARP - ok
08:32:24.0712 0x0d10  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
08:32:24.0792 0x0d10  Wanarpv6 - ok
08:32:24.0912 0x0d10  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
08:32:25.0042 0x0d10  wbengine - ok
08:32:25.0072 0x0d10  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
08:32:25.0122 0x0d10  WbioSrvc - ok
08:32:25.0172 0x0d10  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
08:32:25.0232 0x0d10  wcncsvc - ok
08:32:25.0252 0x0d10  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:32:25.0282 0x0d10  WcsPlugInService - ok
08:32:25.0312 0x0d10  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
08:32:25.0332 0x0d10  Wd - ok
08:32:25.0412 0x0d10  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
08:32:25.0482 0x0d10  Wdf01000 - ok
08:32:25.0522 0x0d10  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
08:32:25.0572 0x0d10  WdiServiceHost - ok
08:32:25.0582 0x0d10  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
08:32:25.0622 0x0d10  WdiSystemHost - ok
08:32:25.0662 0x0d10  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
08:32:25.0713 0x0d10  WebClient - ok
08:32:25.0743 0x0d10  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
08:32:25.0843 0x0d10  Wecsvc - ok
08:32:25.0853 0x0d10  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
08:32:25.0943 0x0d10  wercplsupport - ok
08:32:25.0983 0x0d10  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
08:32:26.0063 0x0d10  WerSvc - ok
08:32:26.0083 0x0d10  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
08:32:26.0153 0x0d10  WfpLwf - ok
08:32:26.0183 0x0d10  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
08:32:26.0203 0x0d10  WIMMount - ok
08:32:26.0223 0x0d10  WinDefend - ok
08:32:26.0243 0x0d10  WinHttpAutoProxySvc - ok
08:32:26.0293 0x0d10  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
08:32:26.0385 0x0d10  Winmgmt - ok
08:32:26.0535 0x0d10  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
08:32:26.0745 0x0d10  WinRM - ok
08:32:26.0805 0x0d10  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
08:32:26.0845 0x0d10  WinUsb - ok
08:32:26.0915 0x0d10  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
08:32:27.0015 0x0d10  Wlansvc - ok
08:32:27.0075 0x0d10  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:32:27.0095 0x0d10  wlcrasvc - ok
08:32:27.0255 0x0d10  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:32:27.0415 0x0d10  wlidsvc - ok
08:32:27.0435 0x0d10  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
08:32:27.0465 0x0d10  WmiAcpi - ok
08:32:27.0505 0x0d10  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
08:32:27.0555 0x0d10  wmiApSrv - ok
08:32:27.0595 0x0d10  WMPNetworkSvc - ok
08:32:27.0625 0x0d10  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
08:32:27.0655 0x0d10  WPCSvc - ok
08:32:27.0675 0x0d10  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
08:32:27.0715 0x0d10  WPDBusEnum - ok
08:32:27.0745 0x0d10  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
08:32:27.0825 0x0d10  ws2ifsl - ok
08:32:27.0855 0x0d10  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
08:32:27.0905 0x0d10  wscsvc - ok
08:32:27.0915 0x0d10  WSearch - ok
08:32:28.0075 0x0d10  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
08:32:28.0245 0x0d10  wuauserv - ok
08:32:28.0282 0x0d10  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
08:32:28.0322 0x0d10  WudfPf - ok
08:32:28.0392 0x0d10  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
08:32:28.0432 0x0d10  WUDFRd - ok
08:32:28.0472 0x0d10  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
08:32:28.0512 0x0d10  wudfsvc - ok
08:32:28.0562 0x0d10  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
08:32:28.0622 0x0d10  WwanSvc - ok
08:32:28.0672 0x0d10  ================ Scan global ===============================
08:32:28.0692 0x0d10  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
08:32:28.0742 0x0d10  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
08:32:28.0782 0x0d10  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
08:32:28.0812 0x0d10  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
08:32:28.0852 0x0d10  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
08:32:28.0862 0x0d10  [ Global ] - ok
08:32:28.0872 0x0d10  ================ Scan MBR ==================================
08:32:28.0882 0x0d10  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
08:32:29.0502 0x0d10  \Device\Harddisk0\DR0 - ok
08:32:29.0512 0x0d10  ================ Scan VBR ==================================
08:32:29.0512 0x0d10  [ 12DAF88A34F6BBCA003BC600F4B3E7BD ] \Device\Harddisk0\DR0\Partition1
08:32:29.0522 0x0d10  \Device\Harddisk0\DR0\Partition1 - ok
08:32:29.0532 0x0d10  [ 722C8CA0C3066ADB168BDEDE7EDF626E ] \Device\Harddisk0\DR0\Partition2
08:32:29.0542 0x0d10  \Device\Harddisk0\DR0\Partition2 - ok
08:32:29.0562 0x0d10  [ A0812CB5A031E4013F7EEEDDE0A4AEC5 ] \Device\Harddisk0\DR0\Partition3
08:32:29.0562 0x0d10  \Device\Harddisk0\DR0\Partition3 - ok
08:32:29.0562 0x0d10  ================ Scan generic autorun ======================
08:32:30.0332 0x0d10  [ 71BC8F95B5E5AFA85D66881EAF919C6F, AF88E6BDA52BAAAEBC640F21BB7C16F3ED3F4127EFA48E0752A55C3D807D0CA3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
08:32:31.0202 0x0d10  RtHDVCpl - ok
08:32:31.0222 0x0d10  ETDCtrl - ok
08:32:31.0612 0x0d10  [ 5F3939E2FBA9BFE055E545826ACC0D97, C8C3C691B33E3B5F3F0E6FB79996F5753AC69C09827E03BE9FF73A4E6DE9A732 ] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe
08:32:31.0912 0x0d10  Nero MediaHome 4 - ok
08:32:32.0002 0x0d10  [ C26B09276755E0698B31CF0BAE0BF182, A95B567626C0573DF0F136818AA7E487BC4995552E9B7A041437539E49B99473 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
08:32:32.0022 0x0d10  APSDaemon - ok
08:32:32.0062 0x0d10  [ E4401CF27225C1D6E664E86195978562, F572A2757C2A649E25F52F7071E6A2CCF298C60A8F2B15A0E2D800F890C4FD93 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
08:32:32.0092 0x0d10  iTunesHelper - ok
08:32:32.0182 0x0d10  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
08:32:32.0232 0x0d10  avgnt - ok
08:32:32.0494 0x0d10  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
08:32:32.0804 0x0d10  SDTray - ok
08:32:32.0934 0x0d10  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:33.0044 0x0d10  Sidebar - ok
08:32:33.0074 0x0d10  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:33.0114 0x0d10  mctadmin - ok
08:32:33.0194 0x0d10  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:33.0296 0x0d10  Sidebar - ok
08:32:33.0316 0x0d10  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:33.0356 0x0d10  mctadmin - ok
08:32:33.0566 0x0d10  [ D6B3AF9E3CE610B69AB1D38262DAE833, CBE366A5459A651537466B9F5017AB87FA8AD5B28F4FADE3FA66B4D97950B5D7 ] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
08:32:33.0736 0x0d10  Plex Media Server - ok
08:32:34.0967 0x0d10  [ BA5819A23150B3B7C4F94125E7F11E83, 0EAFE4931B4EDD9A67DDCD9DAF83BFD190DADC2FCB149733071F956228E4D1E5 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
08:32:36.0257 0x0d10  Skype - ok
08:32:36.0587 0x0d10  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
08:32:36.0927 0x0d10  Spybot-S&D Cleaning - ok
08:32:37.0067 0x0d10  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:37.0167 0x0d10  Sidebar - ok
08:32:37.0187 0x0d10  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:37.0227 0x0d10  mctadmin - ok
08:32:37.0297 0x0d10  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
08:32:37.0407 0x0d10  Sidebar - ok
08:32:37.0427 0x0d10  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
08:32:37.0472 0x0d10  mctadmin - ok
08:32:37.0477 0x0d10  Waiting for KSN requests completion. In queue: 114
08:32:38.0477 0x0d10  Waiting for KSN requests completion. In queue: 114
08:32:39.0477 0x0d10  Waiting for KSN requests completion. In queue: 114
08:32:40.0517 0x0d10  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated )
08:32:40.0533 0x0d10  Win FW state via NFP2: enabled
08:32:43.0019 0x0d10  ============================================================
08:32:43.0019 0x0d10  Scan finished
08:32:43.0019 0x0d10  ============================================================
08:32:43.0029 0x1254  Detected object count: 0
08:32:43.0029 0x1254  Actual detected object count: 0
         
das Log von Combofix folgt in der nächsten Antwort
VG Mirko


Alt 10.01.2015, 08:59   #21
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo Schrauber
und hier das Log von Combofix
Code:
ATTFilter
ComboFix 15-01-08.01 - Luise 10.01.2015   8:43.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.2824 [GMT 1:00]
ausgeführt von:: c:\users\Luise\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-10 bis 2015-01-10  ))))))))))))))))))))))))))))))
.
.
2015-01-10 07:54 . 2015-01-10 07:54	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-01-10 07:54 . 2015-01-10 07:54	--------	d-----w-	c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2015-01-10 07:54 . 2015-01-10 07:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-01-09 18:14 . 2015-01-09 18:14	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-01-08 17:55 . 2015-01-09 18:15	--------	d-----w-	c:\users\TEMP
2015-01-07 16:57 . 2015-01-07 16:57	--------	d-----w-	c:\windows\ERUNT
2015-01-07 16:46 . 2015-01-07 16:49	--------	d-----w-	C:\AdwCleaner
2015-01-07 16:26 . 2015-01-07 16:27	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-07 16:25 . 2015-01-07 16:25	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 16:25 . 2015-01-07 16:25	--------	d-----w-	c:\programdata\Malwarebytes
2015-01-07 16:25 . 2014-11-21 05:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-07 16:25 . 2014-11-21 05:14	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-07 16:25 . 2014-11-21 05:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-06 17:55 . 2015-01-06 17:55	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-01-04 20:57 . 2015-01-04 20:56	43064	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-01-04 20:57 . 2015-01-04 20:56	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-01-04 20:57 . 2015-01-04 20:56	131608	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-01-04 19:23 . 2015-01-07 20:13	--------	d-----w-	C:\FRST
2015-01-04 18:38 . 2015-01-07 16:39	--------	d-----w-	c:\users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 18:38 . 2015-01-07 16:39	--------	d-----w-	c:\programdata\Nico Mak Computing
2015-01-03 17:16 . 2015-01-03 17:16	--------	d-----w-	c:\users\Luise\AppData\Roaming\Tific
2015-01-03 17:13 . 2015-01-03 17:13	--------	d-----w-	c:\users\Luise\AppData\Local\Symantec
2015-01-01 19:22 . 2015-01-01 19:22	2123264	----a-w-	c:\users\Luise\AppData\Roaming\Microsoft\Windows\Network Shortcuts\FRST64.exe
2015-01-01 17:15 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2015-01-01 17:15 . 2015-01-01 18:09	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2015-01-01 17:15 . 2015-01-01 17:18	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2015-01-01 17:14 . 2015-01-01 17:14	--------	d-----w-	c:\users\Luise\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-16 16:47 . 2013-10-23 18:04	119272	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2011-11-26 2699344]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924064]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2012-02-28 5178664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-27 702768]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
E-POP.lnk - c:\program files (x86)\Samsung\E-POP\E-POP.exe [2012-8-2 1786248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 52068243
*Deregistered* - 52068243
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-14 17:16	1087816	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 18:58]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 17:06]
.
2015-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-52068243.sys
SafeBoot-80900510.sys
AddRemove-Doxillion - c:\program files (x86)\NCH Software\Doxillion\doxillion.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-10  08:58:47
ComboFix-quarantined-files.txt  2015-01-10 07:58
ComboFix2.txt  2015-01-06 18:19
.
Vor Suchlauf: 14 Verzeichnis(se), 114.846.126.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 114.627.956.736 Bytes frei
.
- - End Of File - - F6B0F0F00627D9BE36B0AEC8814802DB
         
VG Mirko

Alt 10.01.2015, 11:59   #22
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.01.2015, 14:39   #23
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo
mbam:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.01.2015
Suchlauf-Zeit: 13:39:41
Logdatei: mbam1.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.10.11
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Luise

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 460381
Verstrichene Zeit: 32 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Adwcleaner
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 10/01/2015 um 14:20:54
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Luise - LUISE-PC
# Gestartet von : C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [5227 octets] - [07/01/2015 17:46:42]
AdwCleaner[R1].txt - [894 octets] - [10/01/2015 14:18:11]
AdwCleaner[S0].txt - [4929 octets] - [07/01/2015 17:49:06]
AdwCleaner[S1].txt - [816 octets] - [10/01/2015 14:20:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [875 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luise on 10.01.2015 at 14:28:14,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2015 at 14:31:37,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und das FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 10-01-2015 14:36:02
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 14:31 - 2015-01-10 14:31 - 00000894 _____ () C:\Users\Luise\Desktop\JRT.txt
2015-01-10 14:25 - 2015-01-10 14:25 - 00000954 _____ () C:\Users\Luise\Desktop\AdwCleaner[S1].txt
2015-01-10 14:16 - 2015-01-10 14:16 - 00001204 _____ () C:\Users\Luise\Desktop\mbam1.txt
2015-01-10 13:36 - 2015-01-10 13:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luise\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-10 08:58 - 2015-01-10 08:58 - 00019141 _____ () C:\ComboFix.txt
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 18:56 - 2015-01-09 19:18 - 00000000 ____D () C:\Users\TEMP.Luise-PC
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Verlauf
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Anwendungsdaten
2015-01-08 18:55 - 2015-01-09 19:15 - 00000000 ____D () C:\Users\TEMP
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-08 18:49 - 2015-01-08 18:49 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Luise\Desktop\tdsskiller.exe
2015-01-08 18:44 - 2015-01-08 18:44 - 00000000 _____ () C:\Users\Luise\Desktop\tdsskiller_exe.cvh5o0v.partial
2015-01-07 21:07 - 2015-01-07 21:08 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-07 19:21 - 2015-01-07 19:24 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-07 18:12 - 2015-01-07 18:12 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 18:10 - 2015-01-07 21:13 - 00039782 _____ () C:\Users\Luise\Desktop\Addition.txt
2015-01-07 18:09 - 2015-01-10 14:37 - 00015071 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-07 18:09 - 2015-01-07 18:09 - 00000000 ____D () C:\Users\Luise\Desktop\FRST-OlderVersion
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:55 - 2015-01-07 17:55 - 01707939 _____ (Thisisu) C:\Users\Luise\Desktop\JRT.exe
2015-01-07 17:46 - 2015-01-10 14:20 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:44 - 2015-01-07 17:44 - 02173952 _____ () C:\Users\Luise\Desktop\AdwCleaner_4.106.exe
2015-01-07 17:39 - 2015-01-07 17:39 - 00001202 _____ () C:\Users\Luise\Desktop\mbam.txt
2015-01-07 17:26 - 2015-01-10 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-10 08:58 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 19:04 - 2015-01-10 08:40 - 05609736 ____R (Swearware) C:\Users\Luise\Desktop\ComboFix.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luise\Desktop\revosetup95.exe
2015-01-06 18:55 - 2015-01-06 18:55 - 00001264 _____ () C:\Users\Luise\Desktop\Revo Uninstaller.lnk
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-10 14:36 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 14:30 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:30 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:26 - 2012-03-08 23:10 - 01531709 _____ () C:\windows\WindowsUpdate.log
2015-01-10 14:24 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-10 14:24 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-10 14:24 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-10 14:23 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 14:21 - 2012-09-16 14:43 - 00023895 _____ () C:\windows\setupact.log
2015-01-10 14:21 - 2010-11-21 04:47 - 00749398 _____ () C:\windows\PFRO.log
2015-01-10 14:21 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 14:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 13:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 08:54 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-10 08:40 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-09 19:14 - 2012-08-02 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\SoftGrid Client
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe
C:\Users\Luise\AppData\Local\Temp\Quarantine.exe
C:\Users\Luise\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---

plus additional
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-10 14:37:22
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version:  - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-10-2014 18:04:42 Geplanter Prüfpunkt
01-01-2015 17:39:10 Installed SW Update
01-01-2015 19:10:55 Säuberung (Spybot - Search & Destroy 2.4, Administratorrechte)
06-01-2015 18:57:09 Revo Uninstaller's restore point - Ask Toolbar
06-01-2015 19:01:29 Revo Uninstaller's restore point - Ask Toolbar Updater
10-01-2015 08:41:13 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-23 18:11:04.363
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-23 18:11:04.202
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 4009.55 MB
Available physical RAM: 2476.77 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 6217.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:106.32 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)

==================== End Of Log ============================
         
VG Mirko

Alt 10.01.2015, 15:58   #24
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.01.2015, 23:19   #25
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo Schrauber -- 2 Bedrohungen bei ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dd40bc6c397d584a82791a79bec9c49a
# engine=21902
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-10 07:13:58
# local_time=2015-01-10 08:13:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 24255 39491996 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 38455612 172547088 0 0
# scanned=228241
# found=2
# cleaned=0
# scan_time=14468
sh=B58D5AA8A12DDB74DDE97C9541B2242941BA4E3B ft=1 fh=77045453f77bcb91 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=E25EDA782B23085570F643F6D9FC95F3540D3905 ft=1 fh=505f46cb9dc52e14 vn="Variante von Win64/Rootkit.Kryptik.Z Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\09.01.2015_19.10.08\necurs0000\svc0000\tsk0000.dta"
         
und security check:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Google Chrome 37.0.2062.124  Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 10-01-2015 23:16:38
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 23:16 - 2015-01-10 23:17 - 00015462 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-10 23:12 - 2015-01-10 23:12 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-10 16:10 - 2015-01-10 16:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-10 16:09 - 2015-01-10 16:09 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-10 08:58 - 2015-01-10 08:58 - 00019141 _____ () C:\ComboFix.txt
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 18:56 - 2015-01-09 19:18 - 00000000 ____D () C:\Users\TEMP.Luise-PC
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Verlauf
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Anwendungsdaten
2015-01-08 18:55 - 2015-01-09 19:15 - 00000000 ____D () C:\Users\TEMP
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-07 18:12 - 2015-01-10 23:16 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:46 - 2015-01-10 14:20 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:26 - 2015-01-10 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-10 08:58 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-10 23:16 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 23:15 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 23:08 - 2012-03-08 23:10 - 01641394 _____ () C:\windows\WindowsUpdate.log
2015-01-10 22:43 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 18:15 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 16:08 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:44 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-10 14:43 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-10 14:42 - 2012-09-16 14:43 - 00023951 _____ () C:\windows\setupact.log
2015-01-10 14:42 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-10 14:21 - 2010-11-21 04:47 - 00749398 _____ () C:\windows\PFRO.log
2015-01-10 08:54 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-10 08:40 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-09 19:14 - 2012-08-02 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\SoftGrid Client
2015-01-07 17:41 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe
C:\Users\Luise\AppData\Local\Temp\Quarantine.exe
C:\Users\Luise\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---

+ Additional
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Luise at 2015-01-10 23:17:52
Running from C:\Users\Luise\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Doxillion Dokumentkonverter (HKLM-x32\...\Doxillion) (Version: 2.15 - NCH Software)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
ETDWare PS/2-X64 10.7.12.6_WHQL (HKLM\...\Elantech) (Version: 10.7.12.6 - ELAN Microelectronic Corp.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haack Weltatlas (HKLM-x32\...\Haack Weltatlas) (Version:  - Klett)
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iPhone-Konfigurationsprogramm (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.6.0.0 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
Nero MediaHome 4 Essentials (HKLM-x32\...\{e76db74a-ced0-4a71-af7f-75b15cc007a7}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-10-2014 18:04:42 Geplanter Prüfpunkt
01-01-2015 17:39:10 Installed SW Update
01-01-2015 19:10:55 Säuberung (Spybot - Search & Destroy 2.4, Administratorrechte)
06-01-2015 18:57:09 Revo Uninstaller's restore point - Ask Toolbar
06-01-2015 19:01:29 Revo Uninstaller's restore point - Ask Toolbar Updater
10-01-2015 08:41:13 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0689F21A-660B-411D-AE0F-EC98EB3C636C} - System32\Tasks\{F698412C-12E2-4DA5-B8E7-A3EF2C58F7CD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?page=tsProgressBar
Task: {130B57B9-642D-4F80-8F3D-55D29054A3E1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {16CC087B-529E-43DD-BF23-A3D9490122E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {2CD9E23B-060B-4D1D-9FB3-C5EED67EA6FC} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DCA6A26-767C-43C8-A539-843910FC94AA} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3047A8CF-B3D9-4D1A-8EF0-98F69D63A5BC} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {3DAF52F6-78F9-4CF0-AF51-75474FA2FAB7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {40E5D31B-E622-44E7-8F26-3C3753213D87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EC56EEA-8DD1-4558-90D1-D9B2D8F8C48B} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {535E03CD-AE1D-43E6-87F9-A98882317041} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {5485E35B-8143-43C2-874F-8F9BE76BC439} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {554A0BBE-7F66-440E-A3F1-5FA287B244F5} - System32\Tasks\{E0A6B00E-50C3-486F-B01F-AD5D82358E3F} => pcalua.exe -a C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE\SetupX.exe -d C:\Users\Luise\Desktop\NMH-4.5.20.45_LGE
Task: {70DB57F1-6C06-4860-B76C-54674063CF3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {8BB8AF13-BD0B-4FB9-B960-CCF99DA3F9E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A6F5960B-B546-4154-B671-7FCB55CDE0CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {B5595A96-121A-478A-A8B8-41FB5654A4E2} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {BBD090E8-527F-476B-B50B-47475A65CD20} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {C3212A58-152D-45EB-A33A-223FF4628A53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-14] (Google Inc.)
Task: {F02744B9-B972-450E-B54F-4BC8DBB06B8A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {F85DE55C-9F1D-4053-AD0B-491F4BA07A8F} - System32\Tasks\{4722CA9D-27E7-4C13-A39E-831587D3654C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar
Task: {FA433E34-C4EE-40C3-BB2B-966CC2DD94FC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-03-08 07:45 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-01 18:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-01 18:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_Magick++_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CORE_RL_lcms_.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-03-08 06:40 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2015-01-01 18:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-01 18:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-03-08 06:40 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-03-08 06:50 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1656143743-13120863-1912775482-500 - Administrator - Disabled)
Gast (S-1-5-21-1656143743-13120863-1912775482-501 - Limited - Disabled)
Luise (S-1-5-21-1656143743-13120863-1912775482-1001 - Administrator - Enabled) => C:\Users\Luise
NeroMediaHomeUser.4 (S-1-5-21-1656143743-13120863-1912775482-1004 - Limited - Enabled) => C:\Users\NeroMediaHomeUser.4
UpdatusUser (S-1-5-21-1656143743-13120863-1912775482-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2015 11:12:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 09:01:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 04:10:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 04:10:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 04:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 04:09:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3243791

Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3243791

Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2015 02:49:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017


System errors:
=============
Error: (01/10/2015 02:44:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/10/2015 02:44:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/10/2015 02:44:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nero MediaHome 4 Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/10/2015 02:44:11 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.


Microsoft Office Sessions:
=========================
Error: (01/10/2015 11:12:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/10/2015 09:01:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/10/2015 04:10:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/10/2015 04:10:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/10/2015 04:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/10/2015 04:09:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Luise\Desktop\esetsmartinstaller_deu.exe

Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3243791

Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3243791

Error: (01/10/2015 04:08:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2015 02:49:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017


CodeIntegrity Errors:
===================================
  Date: 2014-06-23 18:11:04.363
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-06-23 18:11:04.202
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\de1710e0.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 38%
Total physical RAM: 4009.55 MB
Available physical RAM: 2461.08 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5859.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:105.85 GB) NTFS
Drive d: () (Fixed) (Total:265.39 GB) (Free:265.12 GB) NTFS
Drive e: (PTE0EGW1) (CDROM) (Total:7.15 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3882832C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=177 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.4 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)

==================== End Of Log ============================
         
VG Mirko

Alt 11.01.2015, 08:19   #26
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Frisches FRST Log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.01.2015, 09:41   #27
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo Schrauber,
anbei die Logs
Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Luise at 2015-01-11 09:30:21 Run:1
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
Emptytemp:
*****************


Der Vorgang wurde erfolgreich beendet.
EmptyTemp: => Removed 953.7 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 09:31:34 ====
         
und das FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Luise (administrator) on LUISE-PC on 11-01-2015 09:38:18
Running from C:\Users\Luise\Desktop
Loaded Profiles: UpdatusUser & Luise & NeroMediaHomeUser.4 (Available profiles: UpdatusUser & Luise & NeroMediaHomeUser.4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-12] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [Nero MediaHome 4] => C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2012-02-28] (Nero AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POP.lnk
ShortcutTarget: E-POP.lnk -> C:\Program Files (x86)\Samsung\E-POP\E-POP.exe (Samsung Electronics CO., LTD.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1656143743-13120863-1912775482-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1656143743-13120863-1912775482-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1656143743-13120863-1912775482-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1656143743-13120863-1912775482-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-28]
CHR Extension: (Google-Suche) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-28]
CHR Extension: (Google Mail) - C:\Users\Luise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-27] (Avira Operations GmbH & Co. KG)
S2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2012-02-28] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2015-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-01-04] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-05-17] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 BtFilter; system32\DRIVERS\btfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 23:17 - 2015-01-10 23:18 - 00037210 _____ () C:\Users\Luise\Desktop\Addition.txt
2015-01-10 23:16 - 2015-01-11 09:38 - 00015393 _____ () C:\Users\Luise\Desktop\FRST.txt
2015-01-10 23:12 - 2015-01-10 23:12 - 00852505 _____ () C:\Users\Luise\Desktop\SecurityCheck.exe
2015-01-10 16:09 - 2015-01-10 16:09 - 02347384 _____ (ESET) C:\Users\Luise\Desktop\esetsmartinstaller_deu.exe
2015-01-10 08:58 - 2015-01-10 08:58 - 00019141 _____ () C:\ComboFix.txt
2015-01-09 19:14 - 2015-01-09 19:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-08 18:56 - 2015-01-09 19:18 - 00000000 ____D () C:\Users\TEMP.Luise-PC
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Verlauf
2015-01-08 18:56 - 2015-01-08 18:56 - 00000000 _SHDL () C:\Users\TEMP.Luise-PC\AppData\Local\Anwendungsdaten
2015-01-08 18:55 - 2015-01-09 19:15 - 00000000 ____D () C:\Users\TEMP
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik
2015-01-08 18:55 - 2015-01-08 18:55 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder
2015-01-07 18:12 - 2015-01-10 23:16 - 00000000 ____D () C:\Users\Luise\Desktop\Trojaner Entfernung
2015-01-07 17:57 - 2015-01-07 17:57 - 00000000 ____D () C:\windows\ERUNT
2015-01-07 17:46 - 2015-01-10 14:20 - 00000000 ____D () C:\AdwCleaner
2015-01-07 17:26 - 2015-01-10 13:39 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-07 17:25 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 17:25 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-06 19:07 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-06 19:07 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-06 19:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-06 19:07 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-06 19:06 - 2015-01-10 08:58 - 00000000 ____D () C:\Qoobox
2015-01-06 19:06 - 2015-01-06 19:17 - 00000000 ____D () C:\windows\erdnt
2015-01-06 18:55 - 2015-01-06 18:55 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-06 18:53 - 2015-01-07 18:09 - 02124288 _____ (Farbar) C:\Users\Luise\Desktop\FRST64.exe
2015-01-04 21:57 - 2015-01-04 21:56 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-01-04 21:57 - 2015-01-04 21:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-01-04 20:23 - 2015-01-11 09:38 - 00000000 ____D () C:\FRST
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Nico Mak Computing
2015-01-04 19:38 - 2015-01-07 17:39 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2015-01-03 18:16 - 2015-01-03 18:16 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Tific
2015-01-03 18:13 - 2015-01-03 18:13 - 00000000 ____D () C:\Users\Luise\AppData\Local\Symantec
2015-01-01 18:16 - 2015-01-01 18:16 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-01 18:15 - 2015-01-01 19:09 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-01 18:15 - 2015-01-01 18:18 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2015-01-01 18:15 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-01 18:15 - 2015-01-01 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-01 18:15 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-01 17:40 - 2015-01-01 17:40 - 00003042 _____ () C:\windows\System32\Tasks\SAgent
2015-01-01 17:40 - 2015-01-01 17:40 - 00001946 _____ () C:\Users\Public\Desktop\SW Update.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-11 09:35 - 2013-05-28 19:25 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-11 09:35 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-11 09:34 - 2013-05-01 18:23 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\CrashDumps
2015-01-11 09:34 - 2009-07-14 06:08 - 00032554 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-11 09:33 - 2012-11-10 16:19 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-11 09:32 - 2012-09-16 14:43 - 00024007 _____ () C:\windows\setupact.log
2015-01-11 09:31 - 2012-03-08 23:10 - 01656553 _____ () C:\windows\WindowsUpdate.log
2015-01-11 09:27 - 2013-05-28 19:25 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-11 09:26 - 2013-05-28 19:25 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 16:08 - 2012-08-11 13:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\Skype
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 16:08 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 14:21 - 2010-11-21 04:47 - 00749398 _____ () C:\windows\PFRO.log
2015-01-10 08:54 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-01-10 08:40 - 2012-08-23 19:06 - 00000000 ____D () C:\Users\Luise\AppData\Local\CrashDumps
2015-01-09 19:14 - 2012-08-02 19:38 - 00000000 ____D () C:\Users\Luise\AppData\Roaming\SoftGrid Client
2015-01-07 17:40 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\security
2015-01-01 17:42 - 2012-08-02 19:36 - 00000000 ____D () C:\Users\Luise\AppData\Local\Samsung
2015-01-01 17:41 - 2012-03-08 06:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2015-01-01 17:40 - 2012-03-08 06:52 - 00000000 ____D () C:\Program Files\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-01 17:40 - 2012-03-08 06:38 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-01 17:29 - 2012-03-08 22:43 - 00705596 _____ () C:\windows\system32\perfh007.dat
2015-01-01 17:29 - 2012-03-08 22:43 - 00151060 _____ () C:\windows\system32\perfc007.dat
2015-01-01 17:29 - 2009-07-14 06:13 - 01634438 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-14 18:16 - 2013-05-28 19:26 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-14 18:10 - 2013-05-28 19:25 - 00004106 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-14 18:10 - 2013-05-28 19:25 - 00003854 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Luise\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 10:53

==================== End Of Log ============================
         
--- --- ---


VG Mirko

Alt 11.01.2015, 09:59   #28
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.01.2015, 21:36   #29
lumija
 
TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Hallo Schrauber,
Sorry das ich erst jetzt schaffe -- hatte aber vorher keine Zeit.
alles geschafft, alles super, dafür vielen lieben Dank.
Wie heißt das so schön "Äußerst zufrieden"

Viele Grüße Mirko

Alt 14.01.2015, 08:19   #30
schrauber
/// the machine
/// TB-Ausbilder
 

TR/Crypt.EPACK.20167 --  lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Standard

TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren
adware, aktiviere, aktivieren, andere, avira, beiträge, hallo zusammen, hoffe, löschen, neu, neue, neuen, nicht löschen, nichts, norton, registry, scan, scanner, suche, thread, tools, troja, trojaner, zusammen, öffnen



Ähnliche Themen: TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren


  1. McAfee: Echtzeitscanner lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 04.09.2015 (10)
  2. Windows7 taskmgr lässt sich nicht starten, Avira Echtzeitscanner lässt sich nicht aktivieren, USB wird nicht angenommen, ohne Meldung,
    Log-Analyse und Auswertung - 01.06.2015 (15)
  3. Windows 7: Avira Echtzeitscanner lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 26.03.2015 (13)
  4. Antivir Echtzeitscanner lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 13.01.2015 (19)
  5. Windows XP: Avira Echtzeitscanner lässt sich nicht aktivieren / AVG Residente Komponente inaktiv
    Log-Analyse und Auswertung - 12.08.2014 (9)
  6. Laptop ruckelt nur noch, Iminent lässt sich nicht löschen und Radio schaltet sich alleine an und aus und lässt sich ebenfalls nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (3)
  7. Antivir Echtzeitscanner lässt sich nicht aktivieren + Trojaner 'TR/Rootkit.Gen'
    Log-Analyse und Auswertung - 04.06.2014 (15)
  8. Echtzeitscanner lässt sich nicht aktivieren - weisser Desktopbildschirm
    Log-Analyse und Auswertung - 17.09.2012 (16)
  9. Rootkit / Echtzeitscanner lässt sich nicht mehr aktivieren
    Log-Analyse und Auswertung - 11.09.2012 (11)
  10. Trojeaner TR/Crypt.fkm.gen lässt sich durch AntiVir nicht löschen
    Log-Analyse und Auswertung - 16.10.2011 (3)
  11. TR/crypt.ZPACK.gen lässt sich nicht endgültig löschen!
    Plagegeister aller Art und deren Bekämpfung - 14.03.2011 (24)
  12. Sicherheitscenter lässt sich nicht aktivieren/deaktiviert sich sofort wieder
    Plagegeister aller Art und deren Bekämpfung - 27.01.2011 (26)
  13. TR/Crypt.ZPACK.Gen lässt sich nicht vom System löschen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2010 (2)
  14. Trojaner TR/Crypt.XPACK.Gen2 lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (1)
  15. TR/Crypt.ZPACK.Gen von Antivir entdeckt. Lässt sich nicht löschen.
    Plagegeister aller Art und deren Bekämpfung - 10.11.2009 (10)
  16. Trojaner TR/Crypt.XPACK.Gen lässt sich nicht löschen!
    Plagegeister aller Art und deren Bekämpfung - 30.03.2008 (42)
  17. TR/Crypt.XPACK.Gen lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 01.06.2007 (28)

Zum Thema TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren - Zitat: 19:03:50.0303 0x0a9c 6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - skipped by user 19:03:50.0303 0x0a9c 6ab48a75c5156135 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip Starte TDSSkiller.exe mit Doppelklick. Vista und Win7 User - TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren...
Archiv
Du betrachtest: TR/Crypt.EPACK.20167 -- lässt sich nicht löschen -- Echtzeitscanner lässt sich nicht aktivieren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.