
Log Analysis and Evaluation: Online banking access blocked due to "NYMAIN" infection


05.02.2015, 19:02   #1
IIArtyII
 

Hello,

A few days ago, while I was away, my wife opened one of those "payment reminder e-mails", after which something infected the computer.
At that point I had Avira Antivir installed, but it only found something during a scan. Unfortunately, the detection caused Avira to be blocked, and it stopped working.

So I uninstalled Avira and installed Microsoft Security Essentials. I started a scan and it found several things. Unfortunately, I cannot find the log files.

After that I ran Malwarebytes Anti-Malware:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.01.2015
Suchlauf-Zeit: 15:18:06
Logdatei: mwb-log.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.28.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Arty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336013
Verstrichene Zeit: 11 Min, 37 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 3
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\last_name, In Quarantäne, [675f877529608caacd03a36e986a6d93], 
Trojan.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\file_type, In Quarantäne, [6d59b74511785fd71c7844bc7290659b], 
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\product_group, In Quarantäne, [933300fc20690333f6da848dab57b050], 

Registrierungswerte: 1
Trojan.Agent.STPD, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cash_flow, C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\standard_account\slide.exe, In Quarantäne, [3f8742ba8207fd39a29356bd30d26d93]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
Trojan.Agent.STPD, C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\standard_account\slide.exe, In Quarantäne, [3f8742ba8207fd39a29356bd30d26d93], 
Trojan.Agent.ED, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\AUTHORITY_KEY_IDENTIFIER.EXE, In Quarantäne, [675f877529608caacd03a36e986a6d93], 
Trojan.Downloader, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\account.exe, In Quarantäne, [6d59b74511785fd71c7844bc7290659b], 
Trojan.Agent.ED, C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\windows_installer\GLYPH_RUN.EXE, In Quarantäne, [933300fc20690333f6da848dab57b050], 
Trojan.Downloader, C:\Users\Arty\AppData\Local\Temp\{0000062D-3234-BE}, In Quarantäne, [9d2922da96f355e13460b848857db848], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
In the meantime my access has been blocked a second time, but neither Malwarebytes nor MSE finds anything.
So I am hoping for help here.

FRST log

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Arty (administrator) on ARTY-PC on 05-02-2015 17:27:28
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
() C:\Program Files (x86)\Razer\Copperhead\razertra.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\...\Run: [authenticator] => C:\ProgramData\Battle.net\Agent\Agent.3634\Logs\proxy\social.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968
FF SelectedSearchEngine: Search
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml

Chrome: 
=======
CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08]
CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08]
CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08]
CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpD586.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable
2015-02-05 04:09 - 2015-02-05 17:27 - 00000000 ____D () C:\FRST
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner
2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk
2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy
2015-02-02 09:28 - 2015-02-02 09:28 - 00005615 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-28 15:46 - 2015-02-03 10:48 - 00000000 ____D () C:\AdwCleaner
2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe
2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM
2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM
2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall
2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp
2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F}
2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve
2015-01-08 19:45 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade
2015-01-08 17:49 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 14:11 - 2015-01-09 03:35 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq
2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-08 13:40 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt
2015-01-08 09:30 - 2015-01-13 12:15 - 00000000 ____D () C:\ProgramData\mvyatvj
2015-01-08 09:13 - 2015-01-29 20:14 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith
2015-01-07 17:21 - 2015-01-07 17:21 - 00000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiffex
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\VSTplugins
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\Audiffex
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\IO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty
2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui
2015-02-05 17:22 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 17:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 17:10 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 17:10 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 17:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 15:38 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr
2015-02-05 15:30 - 2014-10-23 19:47 - 01051625 _____ () C:\Windows\WindowsUpdate.log
2015-02-05 14:12 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker
2015-02-05 03:40 - 2014-10-23 21:00 - 00048299 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-05 03:38 - 2009-07-14 05:51 - 00113342 _____ () C:\Windows\setupact.log
2015-02-05 03:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 22:23 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net
2015-02-04 01:10 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-04 01:02 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype
2015-02-03 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-03 10:48 - 2014-10-23 20:54 - 00337238 _____ () C:\Windows\PFRO.log
2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log
2015-02-02 09:31 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity
2015-02-02 09:28 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0
2015-02-02 09:28 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8
2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-31 07:08 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat
2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat
2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 01:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 01:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 01:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe
2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk
2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker
2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft
2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini
2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-02-02 09:28 - 2015-02-02 09:28 - 0005615 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg
2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Arty\AppData\Local\Temp\AutoWifi.exe
C:\Users\Arty\AppData\Local\Temp\avgnt.exe
C:\Users\Arty\AppData\Local\Temp\devcon64.exe
C:\Users\Arty\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Arty\AppData\Local\Temp\Quarantine.exe
C:\Users\Arty\AppData\Local\Temp\SHSetup.exe
C:\Users\Arty\AppData\Local\Temp\sonarinst.exe
C:\Users\Arty\AppData\Local\Temp\sqlite3.dll
C:\Users\Arty\AppData\Local\Temp\sqlite3.exe
C:\Users\Arty\AppData\Local\Temp\tmp9DA5.exe
C:\Users\Arty\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================
         
Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Arty at 2015-02-05 04:11:38
Running from C:\Users\Arty\Desktop\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Among the Sleep (HKLM-x32\...\Steam App 250620) (Version:  - Krillbite Studio)
ampLion Free 64b 1.1.0 (HKLM\...\{C2953B54-6E35-4ed6-C589-48E7BBDA6575}_is1) (Version:  - Audiffex)
AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version:  - )
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.4 - GPL Public release.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dxtory version 2.0.126 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.126 - ExKode Co. Ltd.)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version:  - InPlay Interactive)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9A37ADB3-3D8D-4EDF-8F6D-B8A66F18087B}) (Version: 5.0.10.2793 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version:  - Traveller's Tales)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
MagicYUV Lossless Video Codec version 1.0 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 1.0 - INNOMAGIC, Ltd.)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{1B46FA48-1BEA-4398-BF8A-0F606A9EA782}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 Plus (HKLM\...\MX.{B50BBED4-5101-45A1-BA9D-93AEF3A638E3}) (Version: 14.0.0.159 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 Plus (Version: 14.0.0.159 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.025 - MSI)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Copperhead (HKLM-x32\...\{28A946E1-E83B-4662-BC7C-23451851489E}) (Version: 6.10 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Resident Evil / biohazard HD REMASTER (HKLM-x32\...\Steam App 304240) (Version:  - CAPCOM Co., Ltd.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
SagaraS Scriptmaker v5.6 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-768761217-1181827061-3865430075-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-768761217-1181827061-3865430075-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

28-01-2015 15:43:41 Windows Update
01-02-2015 06:45:54 Windows Update
02-02-2015 10:23:38 DirectX wurde installiert
03-02-2015 12:36:43 Avira EU-Cleaner - 03.02.2015 12:36

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2144AF35-9A61-4236-868A-164DDB87472E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {2840841F-6082-40BA-B7AE-C003CAFF599D} - System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {32D56694-C619-4102-9B72-B207A3FEA265} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {7BB71679-3B53-4C39-ABEA-E42E567F6B67} - System32\Tasks\PCMeter\Startup => C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe [2014-10-23] (AddGadgets)
Task: {8878DC36-76C2-4F46-895F-9D4EA962A921} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {91E6A5E0-9426-436D-B859-221D8F5CA69F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {DA5AAAB9-BCFE-4F15-AFDD-DC68FA604A12} - System32\Tasks\{5E1338CB-AEDD-435A-87E5-1E5F3BD60E48} => pcalua.exe -a C:\Users\Arty\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00209712 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00037168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-21 08:47 - 2014-02-21 08:47 - 00057648 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-11-10 17:50 - 2014-11-10 17:50 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-16 22:02 - 2014-09-16 22:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-23 21:21 - 2014-10-23 21:21 - 00012520 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2014-10-23 21:21 - 2014-10-23 21:21 - 00015080 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2014-10-23 21:21 - 2014-10-23 21:21 - 00014056 _____ () C:\Users\Arty\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-10-27 09:22 - 2009-11-19 18:43 - 00135168 _____ () C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
2014-10-27 09:22 - 2009-11-16 13:25 - 00131072 _____ () C:\Program Files (x86)\Razer\Copperhead\razertra.exe
2014-08-28 08:19 - 2014-08-28 08:19 - 00034816 _____ () C:\Users\Arty\Desktop\Megui\tools\x264_10b\avs4x264mod.exe
2014-10-27 09:22 - 2005-08-17 13:23 - 00151552 _____ () C:\Program Files (x86)\Razer\Copperhead\download.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-02-19 17:51 - 2014-02-19 17:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-01-31 07:08 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-01-31 07:08 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-01-31 07:08 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2014-10-23 21:32 - 2013-04-14 11:00 - 00554496 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\splitter.ax
2014-10-23 21:32 - 2013-04-14 10:58 - 00080384 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\mkzlib.dll
2014-10-23 21:32 - 2013-04-14 10:58 - 00024576 _____ () C:\Program Files (x86)\Haali\MatroskaSplitter\mkunicode.dll
2013-01-06 14:47 - 2014-10-23 21:53 - 00082944 _____ () C:\Users\Arty\Desktop\Megui\MediaInfoWrapper.dll
2009-01-02 20:34 - 2014-10-23 21:53 - 00058368 _____ () C:\Users\Arty\Desktop\Megui\AvisynthWrapper.DLL
2014-10-23 22:03 - 2013-10-10 23:41 - 00233472 _____ () C:\Program Files (x86)\SagaraS Scriptmaker\Plugins\SplineResize.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Control Panel\Desktop\\Wallpaper -> 

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: breakfast-phase => C:\Users\Arty\AppData\Local\Temp\Breakfast-job\breakfast-permit.exe
MSCONFIG\startupreg: zujlwuwh => C:\Users\Arty\AppData\Roaming\Xfithpyp\jbkwdqowuwh.exe

==================== Accounts: =============================

Administrator (S-1-5-21-768761217-1181827061-3865430075-500 - Administrator - Disabled)
Arty (S-1-5-21-768761217-1181827061-3865430075-1000 - Administrator - Enabled) => C:\Users\Arty
Gast (S-1-5-21-768761217-1181827061-3865430075-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 03:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000043a0218
ID des fehlerhaften Prozesses: 0x784
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/26/2015 10:14:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 40.0.2214.91 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a64

Startzeit: 01d039484f6853d2

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: a9ed4658-a53b-11e4-bc65-448a5b9df6ae

Error: (01/24/2015 10:13:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 40.0.2214.91, Zeitstempel: 0x54bf0a96
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000212b3
ID des fehlerhaften Prozesses: 0x10b4
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (01/22/2015 10:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.3.636, Zeitstempel: 0x54878687
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008af3e
ID des fehlerhaften Prozesses: 0x2970
Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0
Pfad der fehlerhaften Anwendung: Origin.exe1
Pfad des fehlerhaften Moduls: Origin.exe2
Berichtskennung: Origin.exe3

Error: (01/22/2015 10:26:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.3.636, Zeitstempel: 0x54878687
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008af3e
ID des fehlerhaften Prozesses: 0x2ba8
Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0
Pfad der fehlerhaften Anwendung: Origin.exe1
Pfad des fehlerhaften Moduls: Origin.exe2
Berichtskennung: Origin.exe3

Error: (01/22/2015 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Origin.exe, Version: 9.5.3.636, Zeitstempel: 0x54878687
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008af3e
ID des fehlerhaften Prozesses: 0x2b10
Startzeit der fehlerhaften Anwendung: 0xOrigin.exe0
Pfad der fehlerhaften Anwendung: Origin.exe1
Pfad des fehlerhaften Moduls: Origin.exe2
Berichtskennung: Origin.exe3

Error: (01/22/2015 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 39.0.2171.99, Zeitstempel: 0x54aef409
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000212b3
ID des fehlerhaften Prozesses: 0x1f0c
Startzeit der fehlerhaften Anwendung: 0xchrome.exe0
Pfad der fehlerhaften Anwendung: chrome.exe1
Pfad des fehlerhaften Moduls: chrome.exe2
Berichtskennung: chrome.exe3

Error: (01/21/2015 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 39.0.2171.99 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b7c

Startzeit: 01d035a24b9c38a9

Endzeit: 2

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: d7379cb4-a195-11e4-9eb4-448a5b9df6ae

Error: (01/18/2015 06:33:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a144
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000004120218
ID des fehlerhaften Prozesses: 0x76c
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/17/2015 09:36:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm thunderbird.exe, Version 31.4.0.5487 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 27d8

Startzeit: 01d03294e99b05ae

Endzeit: 13

Anwendungspfad: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

Berichts-ID: 714f5ce8-9e88-11e4-930f-448a5b9df6ae


System errors:
=============
Error: (02/05/2015 03:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/04/2015 10:25:07 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/04/2015 06:32:34 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/04/2015 06:32:34 AM) (Source: atapi) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error: (02/04/2015 06:32:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/04/2015 01:10:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/03/2015 10:51:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/03/2015 06:03:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/03/2015 01:04:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 06:37:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/28/2015 03:29:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c000000500000000043a021878401d03aa20aef1eabC:\Windows\Explorer.EXEunknown6ebc53a5-a695-11e4-ac3d-448a5b9df6ae

Error: (01/26/2015 10:14:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.91a6401d039484f6853d23C:\Program Files (x86)\Google\Chrome\Application\chrome.exea9ed4658-a53b-11e4-bc65-448a5b9df6ae

Error: (01/24/2015 10:13:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.9154bf0a96KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b310b401d037b60ab329e6C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll48a020ff-a3a9-11e4-95ec-448a5b9df6ae

Error: (01/22/2015 10:27:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e297001d0368a35318474C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll7458b698-a27d-11e4-8678-448a5b9df6ae

Error: (01/22/2015 10:26:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e2ba801d0368a1d7741a3C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll5cac088a-a27d-11e4-8678-448a5b9df6ae

Error: (01/22/2015 10:26:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.3.63654878687MSVCR100.dll10.0.40219.3254df2be1ec00004170008af3e2b1001d03689fe1b7417C:\Program Files (x86)\Origin\Origin.exeC:\Windows\system32\MSVCR100.dll48c30048-a27d-11e4-8678-448a5b9df6ae

Error: (01/22/2015 02:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe39.0.2171.9954aef409KERNELBASE.dll6.1.7601.1840953159a86c0000005000212b31f0c01d03644efb2c80dC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\syswow64\KERNELBASE.dll2e19185e-a238-11e4-8678-448a5b9df6ae

Error: (01/21/2015 06:49:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.99b7c01d035a24b9c38a92C:\Program Files (x86)\Google\Chrome\Application\chrome.exed7379cb4-a195-11e4-9eb4-448a5b9df6ae

Error: (01/18/2015 06:33:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175144ce7a144unknown0.0.0.000000000c0000005000000000412021876c01d032e025aeed43C:\Windows\Explorer.EXEunknown7bba6ed2-9ed3-11e4-973f-448a5b9df6ae

Error: (01/17/2015 09:36:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: thunderbird.exe31.4.0.548727d801d03294e99b05ae13C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe714f5ce8-9e88-11e4-930f-448a5b9df6ae


CodeIntegrity Errors:
===================================
  Date: 2014-11-02 06:33:16.876
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-02 06:33:16.829
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 06:11:09.949
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-01 06:11:09.887
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 20:08:58.837
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 20:08:58.774
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 09:38:38.600
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-10-31 09:38:38.560
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Percentage of memory in use: 48%
Total physical RAM: 8125.21 MB
Available physical RAM: 4224.78 MB
Total Pagefile: 16248.61 MB
Available Pagefile: 11675.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:372.51 GB) (Free:197.9 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:465.75 GB) (Free:192.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Volume) (Fixed) (Total:1863.01 GB) (Free:1630.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: E025EFE9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=372.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DE4CDE4C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00916640)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
gmer-Log

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-05 17:47:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725040VLAT80 rev.V5COA42A 372,61GB
Running: Gmer-19357.exe; Driver: C:\Users\Arty\AppData\Local\Temp\kxldrpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674                                                                                                                                                             fffff800033b1092 4 bytes [00, 00, 00, 00]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 681                                                                                                                                                             fffff800033b1099 9 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                                 0000000076181465 2 bytes [18, 76]
.text     C:\Windows\system32\PnkBstrA.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                                00000000761814bb 2 bytes [18, 76]
.text     ...                                                                                                                                                                                                                            * 2
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageW                                                                                                                                   000000007584787b 5 bytes JMP 0000000170a3a040
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DispatchMessageA                                                                                                                                   0000000075847bbb 5 bytes JMP 0000000170a3a010
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                                                    0000000075848a29 5 bytes JMP 0000000170a3aa20
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetWindowPos                                                                                                                                       0000000075848e4e 5 bytes JMP 0000000170a3a1a0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!DestroyWindow                                                                                                                                      0000000075849a55 5 bytes JMP 0000000170a3a170
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!CreateWindowExA                                                                                                                                    000000007584d22e 5 bytes JMP 0000000170a3a8e0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!PeekMessageW                                                                                                                                       00000000758505ba 5 bytes JMP 0000000170a3a360
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!ShowWindow                                                                                                                                         0000000075850dfb 5 bytes JMP 0000000170a3a070
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!EndPaint                                                                                                                                           0000000075851341 5 bytes JMP 0000000170a3a440
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!BeginPaint                                                                                                                                         0000000075851361 5 bytes JMP 0000000170a3a3e0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindowIndirect                                                                                                                        00000000758528da 5 bytes JMP 0000000170a3a860
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetCursor                                                                                                                                          00000000758541f6 5 bytes JMP 0000000170a39920
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!PeekMessageA                                                                                                                                       0000000075855f74 5 bytes JMP 0000000170a3a300
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!BringWindowToTop                                                                                                                                   0000000075857b3b 5 bytes JMP 0000000170a3a3c0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!AnimateWindow                                                                                                                                      000000007585b531 5 bytes JMP 0000000170a3a210
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!UpdateLayeredWindow                                                                                                                                000000007585ba4a 5 bytes JMP 0000000170a3a790
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!WindowFromPoint                                                                                                                                    000000007586ed12 5 bytes JMP 0000000170a39940
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetCapture                                                                                                                                         000000007586ed56 5 bytes JMP 0000000170a3a2e0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\USER32.dll!SetForegroundWindow                                                                                                                                000000007586f170 5 bytes JMP 0000000170a3a2a0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!BitBlt                                                                                                                                              0000000077055ea6 5 bytes JMP 0000000170a39970
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\GDI32.dll!StretchBlt                                                                                                                                          000000007705b895 5 bytes JMP 0000000170a39be0
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                                           0000000076181465 2 bytes [18, 76]
.text     C:\Program Files (x86)\Raptr\raptr.exe[4088] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                                          00000000761814bb 2 bytes [18, 76]
.text     ...                                                                                                                                                                                                                            * 2
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DAC401B-95C5-479F-86CA-62DED1CF75DF}\offreg.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1008](2015-02-05 16:20:03)  000007feebd90000

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs                                                                                                                                                  AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber                                                                                                                                                         7601
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon                                                                                                                                                          0
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec                                                                                                                                                       1

---- EOF - GMER 2.1 ----
         

Thanks in advance

Alt 05.02.2015, 19:27   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 05.02.2015, 19:43   #3
IIArtyII
 



Hey,

thanks for the quick reply

Code:
ATTFilter
19:39:28.0690 0x165c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:39:35.0610 0x165c  ============================================================
19:39:35.0610 0x165c  Current date / time: 2015/02/05 19:39:35.0610
19:39:35.0610 0x165c  SystemInfo:
19:39:35.0610 0x165c  
19:39:35.0610 0x165c  OS Version: 6.1.7601 ServicePack: 1.0
19:39:35.0610 0x165c  Product type: Workstation
19:39:35.0610 0x165c  ComputerName: ARTY-PC
19:39:35.0610 0x165c  UserName: Arty
19:39:35.0610 0x165c  Windows directory: C:\Windows
19:39:35.0610 0x165c  System windows directory: C:\Windows
19:39:35.0610 0x165c  Running under WOW64
19:39:35.0610 0x165c  Processor architecture: Intel x64
19:39:35.0610 0x165c  Number of processors: 8
19:39:35.0610 0x165c  Page size: 0x1000
19:39:35.0610 0x165c  Boot type: Normal boot
19:39:35.0610 0x165c  ============================================================
19:39:37.0339 0x165c  KLMD registered as C:\Windows\system32\drivers\26528119.sys
19:39:37.0624 0x165c  System UUID: {D7F159AB-3360-B335-5E46-29ECA33905BD}
19:39:38.0053 0x165c  Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xC9E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:39:38.0070 0x165c  Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:38.0702 0x165c  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:39:38.0705 0x165c  ============================================================
19:39:38.0705 0x165c  \Device\Harddisk0\DR0:
19:39:38.0705 0x165c  MBR partitions:
19:39:38.0705 0x165c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:39:38.0705 0x165c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2E905800
19:39:38.0706 0x165c  \Device\Harddisk1\DR1:
19:39:38.0706 0x165c  MBR partitions:
19:39:38.0706 0x165c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:39:38.0706 0x165c  \Device\Harddisk2\DR2:
19:39:38.0706 0x165c  MBR partitions:
19:39:38.0706 0x165c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
19:39:38.0706 0x165c  ============================================================
19:39:38.0737 0x165c  C: <-> \Device\Harddisk0\DR0\Partition2
19:39:38.0759 0x165c  D: <-> \Device\Harddisk0\DR0\Partition1
19:39:38.0781 0x165c  F: <-> \Device\Harddisk1\DR1\Partition1
19:39:38.0789 0x165c  G: <-> \Device\Harddisk2\DR2\Partition1
19:39:38.0789 0x165c  ============================================================
19:39:38.0789 0x165c  Initialize success
19:39:38.0789 0x165c  ============================================================
19:40:38.0496 0x15b8  ============================================================
19:40:38.0496 0x15b8  Scan started
19:40:38.0496 0x15b8  Mode: Manual; SigCheck; TDLFS; 
19:40:38.0496 0x15b8  ============================================================
19:40:38.0496 0x15b8  KSN ping started
19:40:41.0169 0x15b8  KSN ping finished: true
19:40:42.0114 0x15b8  ================ Scan system memory ========================
19:40:42.0114 0x15b8  System memory - ok
19:40:42.0115 0x15b8  ================ Scan services =============================
19:40:42.0205 0x15b8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:40:42.0231 0x15b8  1394ohci - ok
19:40:42.0257 0x15b8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:40:42.0266 0x15b8  ACPI - ok
19:40:42.0273 0x15b8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:40:42.0281 0x15b8  AcpiPmi - ok
19:40:42.0337 0x15b8  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:40:42.0343 0x15b8  AdobeARMservice - ok
19:40:42.0418 0x15b8  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:40:42.0426 0x15b8  AdobeFlashPlayerUpdateSvc - ok
19:40:42.0466 0x15b8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
19:40:42.0477 0x15b8  adp94xx - ok
19:40:42.0502 0x15b8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
19:40:42.0512 0x15b8  adpahci - ok
19:40:42.0524 0x15b8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
19:40:42.0531 0x15b8  adpu320 - ok
19:40:42.0562 0x15b8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:40:42.0581 0x15b8  AeLookupSvc - ok
19:40:42.0607 0x15b8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
19:40:42.0620 0x15b8  AFD - ok
19:40:42.0637 0x15b8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:40:42.0643 0x15b8  agp440 - ok
19:40:42.0652 0x15b8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:40:42.0658 0x15b8  ALG - ok
19:40:42.0668 0x15b8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:40:42.0673 0x15b8  aliide - ok
19:40:42.0703 0x15b8  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:40:42.0714 0x15b8  AMD External Events Utility - ok
19:40:42.0729 0x15b8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:40:42.0734 0x15b8  amdide - ok
19:40:42.0756 0x15b8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
19:40:42.0763 0x15b8  AmdK8 - ok
19:40:43.0282 0x15b8  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:40:43.0625 0x15b8  amdkmdag - ok
19:40:43.0686 0x15b8  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:40:43.0703 0x15b8  amdkmdap - ok
19:40:43.0735 0x15b8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
19:40:43.0742 0x15b8  AmdPPM - ok
19:40:43.0763 0x15b8  [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:40:43.0770 0x15b8  amdsata - ok
19:40:43.0785 0x15b8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
19:40:43.0794 0x15b8  amdsbs - ok
19:40:43.0807 0x15b8  [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:40:43.0812 0x15b8  amdxata - ok
19:40:43.0839 0x15b8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
19:40:43.0859 0x15b8  AppID - ok
19:40:43.0881 0x15b8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:40:43.0900 0x15b8  AppIDSvc - ok
19:40:43.0929 0x15b8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:40:43.0937 0x15b8  Appinfo - ok
19:40:43.0949 0x15b8  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
19:40:43.0958 0x15b8  AppMgmt - ok
19:40:43.0992 0x15b8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
19:40:43.0999 0x15b8  arc - ok
19:40:44.0009 0x15b8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
19:40:44.0015 0x15b8  arcsas - ok
19:40:44.0101 0x15b8  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:40:44.0108 0x15b8  aspnet_state - ok
19:40:44.0122 0x15b8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:40:44.0140 0x15b8  AsyncMac - ok
19:40:44.0157 0x15b8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:40:44.0162 0x15b8  atapi - ok
19:40:44.0185 0x15b8  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:40:44.0193 0x15b8  AtiHDAudioService - ok
19:40:44.0252 0x15b8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:40:44.0283 0x15b8  AudioEndpointBuilder - ok
19:40:44.0300 0x15b8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:40:44.0329 0x15b8  AudioSrv - ok
19:40:44.0351 0x15b8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:40:44.0361 0x15b8  AxInstSV - ok
19:40:44.0400 0x15b8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
19:40:44.0414 0x15b8  b06bdrv - ok
19:40:44.0430 0x15b8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:40:44.0440 0x15b8  b57nd60a - ok
19:40:44.0463 0x15b8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:40:44.0471 0x15b8  BDESVC - ok
19:40:44.0484 0x15b8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:40:44.0503 0x15b8  Beep - ok
19:40:44.0545 0x15b8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:40:44.0564 0x15b8  BFE - ok
19:40:44.0630 0x15b8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:40:44.0663 0x15b8  BITS - ok
19:40:44.0699 0x15b8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:40:44.0706 0x15b8  blbdrive - ok
19:40:44.0732 0x15b8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:40:44.0739 0x15b8  bowser - ok
19:40:44.0751 0x15b8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:40:44.0759 0x15b8  BrFiltLo - ok
19:40:44.0767 0x15b8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:40:44.0774 0x15b8  BrFiltUp - ok
19:40:44.0810 0x15b8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:40:44.0819 0x15b8  Browser - ok
19:40:44.0834 0x15b8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:40:44.0844 0x15b8  Brserid - ok
19:40:44.0858 0x15b8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:40:44.0866 0x15b8  BrSerWdm - ok
19:40:44.0879 0x15b8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:40:44.0886 0x15b8  BrUsbMdm - ok
19:40:44.0911 0x15b8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:40:44.0918 0x15b8  BrUsbSer - ok
19:40:44.0925 0x15b8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
19:40:44.0933 0x15b8  BTHMODEM - ok
19:40:44.0964 0x15b8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:40:44.0984 0x15b8  bthserv - ok
19:40:45.0018 0x15b8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:40:45.0039 0x15b8  cdfs - ok
19:40:45.0060 0x15b8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:40:45.0068 0x15b8  cdrom - ok
19:40:45.0088 0x15b8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:40:45.0108 0x15b8  CertPropSvc - ok
19:40:45.0124 0x15b8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:40:45.0132 0x15b8  circlass - ok
19:40:45.0171 0x15b8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:40:45.0181 0x15b8  CLFS - ok
19:40:52.0400 0x15b8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:52.0407 0x15b8  NetTcpActivator - ok
19:40:52.0411 0x15b8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:40:52.0418 0x15b8  NetTcpPortSharing - ok
19:40:52.0445 0x15b8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:40:52.0450 0x15b8  nfrd960 - ok
19:40:52.0473 0x15b8  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:40:52.0480 0x15b8  NisDrv - ok
19:40:52.0506 0x15b8  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
19:40:52.0517 0x15b8  NisSrv - ok
19:40:52.0545 0x15b8  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:40:52.0567 0x15b8  NlaSvc - ok
19:40:52.0578 0x15b8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:40:52.0597 0x15b8  Npfs - ok
19:40:52.0625 0x15b8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:40:52.0643 0x15b8  nsi - ok
19:40:52.0652 0x15b8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:40:52.0671 0x15b8  nsiproxy - ok
19:40:52.0727 0x15b8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:40:52.0772 0x15b8  Ntfs - ok
19:40:52.0810 0x15b8  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys
19:40:52.0814 0x15b8  NTIOLib_1_0_3 - ok
19:40:52.0848 0x15b8  NTIOLib_1_0_C - ok
19:40:52.0867 0x15b8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:40:52.0885 0x15b8  Null - ok
19:40:52.0902 0x15b8  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:40:52.0909 0x15b8  nvraid - ok
19:40:52.0923 0x15b8  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:40:52.0930 0x15b8  nvstor - ok
19:40:52.0944 0x15b8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:40:52.0950 0x15b8  nv_agp - ok
19:40:52.0965 0x15b8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:40:52.0974 0x15b8  ohci1394 - ok
19:40:53.0093 0x15b8  [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
19:40:53.0124 0x15b8  Origin Client Service - ok
19:40:53.0191 0x15b8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:40:53.0203 0x15b8  p2pimsvc - ok
19:40:53.0245 0x15b8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:40:53.0258 0x15b8  p2psvc - ok
19:40:53.0343 0x15b8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:40:53.0351 0x15b8  Parport - ok
19:40:53.0391 0x15b8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:40:53.0397 0x15b8  partmgr - ok
19:40:53.0416 0x15b8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:40:53.0428 0x15b8  PcaSvc - ok
19:40:53.0449 0x15b8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:40:53.0457 0x15b8  pci - ok
19:40:53.0465 0x15b8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:40:53.0470 0x15b8  pciide - ok
19:40:53.0495 0x15b8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:40:53.0503 0x15b8  pcmcia - ok
19:40:53.0520 0x15b8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:40:53.0526 0x15b8  pcw - ok
19:40:53.0550 0x15b8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:40:53.0578 0x15b8  PEAUTH - ok
19:40:53.0638 0x15b8  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:40:53.0665 0x15b8  PeerDistSvc - ok
19:40:53.0726 0x15b8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:40:53.0733 0x15b8  PerfHost - ok
19:40:53.0795 0x15b8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:40:53.0833 0x15b8  pla - ok
19:40:53.0874 0x15b8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:40:53.0886 0x15b8  PlugPlay - ok
19:40:53.0912 0x15b8  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
19:40:53.0918 0x15b8  PnkBstrA - ok
19:40:53.0943 0x15b8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:40:53.0950 0x15b8  PNRPAutoReg - ok
19:40:53.0973 0x15b8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:40:53.0985 0x15b8  PNRPsvc - ok
19:40:54.0024 0x15b8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:40:54.0051 0x15b8  PolicyAgent - ok
19:40:54.0087 0x15b8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:40:54.0109 0x15b8  Power - ok
19:40:54.0122 0x15b8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:40:54.0141 0x15b8  PptpMiniport - ok
19:40:54.0149 0x15b8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:40:54.0156 0x15b8  Processor - ok
19:40:54.0175 0x15b8  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
19:40:54.0195 0x15b8  ProfSvc - ok
19:40:54.0206 0x15b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:40:54.0213 0x15b8  ProtectedStorage - ok
19:40:54.0238 0x15b8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:40:54.0258 0x15b8  Psched - ok
19:40:54.0320 0x15b8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:40:54.0346 0x15b8  ql2300 - ok
19:40:54.0363 0x15b8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:40:54.0370 0x15b8  ql40xx - ok
19:40:54.0421 0x15b8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:40:54.0433 0x15b8  QWAVE - ok
19:40:54.0444 0x15b8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:40:54.0453 0x15b8  QWAVEdrv - ok
19:40:54.0467 0x15b8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:40:54.0485 0x15b8  RasAcd - ok
19:40:54.0514 0x15b8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:40:54.0533 0x15b8  RasAgileVpn - ok
19:40:54.0548 0x15b8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:40:54.0569 0x15b8  RasAuto - ok
19:40:54.0606 0x15b8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:40:54.0625 0x15b8  Rasl2tp - ok
19:40:54.0663 0x15b8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:40:54.0686 0x15b8  RasMan - ok
19:40:54.0718 0x15b8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:40:54.0737 0x15b8  RasPppoe - ok
19:40:54.0748 0x15b8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:40:54.0768 0x15b8  RasSstp - ok
19:40:54.0790 0x15b8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:40:54.0812 0x15b8  rdbss - ok
19:40:54.0820 0x15b8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:40:54.0827 0x15b8  rdpbus - ok
19:40:54.0840 0x15b8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:40:54.0857 0x15b8  RDPCDD - ok
19:40:54.0877 0x15b8  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:40:54.0884 0x15b8  RDPDR - ok
19:40:54.0899 0x15b8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:40:54.0916 0x15b8  RDPENCDD - ok
19:40:54.0925 0x15b8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:40:54.0943 0x15b8  RDPREFMP - ok
19:40:54.0998 0x15b8  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:40:55.0004 0x15b8  RdpVideoMiniport - ok
19:40:55.0030 0x15b8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:40:55.0042 0x15b8  RDPWD - ok
19:40:55.0076 0x15b8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:40:55.0085 0x15b8  rdyboost - ok
19:40:55.0112 0x15b8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:40:55.0133 0x15b8  RemoteAccess - ok
19:40:55.0166 0x15b8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:40:55.0188 0x15b8  RemoteRegistry - ok
19:40:55.0218 0x15b8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:40:55.0241 0x15b8  RpcEptMapper - ok
19:40:55.0264 0x15b8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:40:55.0271 0x15b8  RpcLocator - ok
19:40:55.0321 0x15b8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:40:55.0347 0x15b8  RpcSs - ok
19:40:55.0369 0x15b8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:40:55.0389 0x15b8  rspndr - ok
19:40:55.0441 0x15b8  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
19:40:55.0458 0x15b8  RTL8167 - ok
19:40:55.0473 0x15b8  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:40:55.0479 0x15b8  s3cap - ok
19:40:55.0494 0x15b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
19:40:55.0500 0x15b8  SamSs - ok
19:40:55.0521 0x15b8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:40:55.0528 0x15b8  sbp2port - ok
19:40:55.0558 0x15b8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:40:55.0580 0x15b8  SCardSvr - ok
19:40:55.0597 0x15b8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:40:55.0615 0x15b8  scfilter - ok
19:40:55.0752 0x15b8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:40:55.0787 0x15b8  Schedule - ok
19:40:55.0820 0x15b8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:40:55.0838 0x15b8  SCPolicySvc - ok
19:40:55.0858 0x15b8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:40:55.0866 0x15b8  SDRSVC - ok
19:40:55.0900 0x15b8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:40:55.0918 0x15b8  secdrv - ok
19:40:55.0935 0x15b8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:40:55.0953 0x15b8  seclogon - ok
19:40:55.0977 0x15b8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:40:55.0999 0x15b8  SENS - ok
19:40:56.0009 0x15b8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:40:56.0016 0x15b8  SensrSvc - ok
19:40:56.0024 0x15b8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:40:56.0031 0x15b8  Serenum - ok
19:40:56.0038 0x15b8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:40:56.0046 0x15b8  Serial - ok
19:40:56.0065 0x15b8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:40:56.0071 0x15b8  sermouse - ok
19:40:56.0108 0x15b8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:40:56.0128 0x15b8  SessionEnv - ok
19:40:56.0135 0x15b8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:40:56.0143 0x15b8  sffdisk - ok
19:40:56.0150 0x15b8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:40:56.0157 0x15b8  sffp_mmc - ok
19:40:56.0167 0x15b8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:40:56.0174 0x15b8  sffp_sd - ok
19:40:56.0200 0x15b8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:40:56.0206 0x15b8  sfloppy - ok
19:40:56.0249 0x15b8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:40:56.0275 0x15b8  SharedAccess - ok
19:40:56.0317 0x15b8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:40:56.0340 0x15b8  ShellHWDetection - ok
19:40:56.0348 0x15b8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:40:56.0354 0x15b8  SiSRaid2 - ok
19:40:56.0362 0x15b8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:40:56.0368 0x15b8  SiSRaid4 - ok
19:40:56.0418 0x15b8  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:40:56.0428 0x15b8  SkypeUpdate - ok
19:40:56.0457 0x15b8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:40:56.0477 0x15b8  Smb - ok
19:40:56.0506 0x15b8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:40:56.0514 0x15b8  SNMPTRAP - ok
19:40:56.0529 0x15b8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:40:56.0534 0x15b8  spldr - ok
19:40:56.0578 0x15b8  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
19:40:56.0605 0x15b8  Spooler - ok
19:40:56.0715 0x15b8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:40:56.0787 0x15b8  sppsvc - ok
19:40:56.0820 0x15b8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:40:56.0839 0x15b8  sppuinotify - ok
19:40:56.0877 0x15b8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:40:56.0889 0x15b8  srv - ok
19:40:56.0910 0x15b8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:40:56.0921 0x15b8  srv2 - ok
19:40:56.0955 0x15b8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:40:56.0963 0x15b8  srvnet - ok
19:40:57.0018 0x15b8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:40:57.0042 0x15b8  SSDPSRV - ok
19:40:57.0061 0x15b8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:40:57.0081 0x15b8  SstpSvc - ok
19:40:57.0142 0x15b8  [ 00D1DA2916DC90BDB64942FE2BEB865B, 4FEE3AC3649F9E9879F4C083C4A6B1D6C0F2E0280C22ECD49E5FD4C842C8D346 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
19:40:57.0158 0x15b8  Steam Client Service - ok
19:40:57.0180 0x15b8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
19:40:57.0186 0x15b8  stexstor - ok
19:40:57.0221 0x15b8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:40:57.0239 0x15b8  stisvc - ok
19:40:57.0262 0x15b8  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
19:40:57.0268 0x15b8  storflt - ok
19:40:57.0283 0x15b8  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
19:40:57.0289 0x15b8  storvsc - ok
19:40:57.0297 0x15b8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
19:40:57.0303 0x15b8  swenum - ok
19:40:57.0383 0x15b8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
19:40:57.0410 0x15b8  swprv - ok
19:40:57.0419 0x15b8  Synth3dVsc - ok
19:40:57.0494 0x15b8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
19:40:57.0530 0x15b8  SysMain - ok
19:40:57.0557 0x15b8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:40:57.0566 0x15b8  TabletInputService - ok
19:40:57.0616 0x15b8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:40:57.0638 0x15b8  TapiSrv - ok
19:40:57.0668 0x15b8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
19:40:57.0688 0x15b8  TBS - ok
19:40:57.0756 0x15b8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:40:57.0787 0x15b8  Tcpip - ok
19:40:57.0833 0x15b8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:40:57.0862 0x15b8  TCPIP6 - ok
19:40:57.0885 0x15b8  [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:40:57.0903 0x15b8  tcpipreg - ok
19:40:57.0938 0x15b8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:40:57.0944 0x15b8  TDPIPE - ok
19:40:57.0973 0x15b8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:40:57.0979 0x15b8  TDTCP - ok
19:40:58.0013 0x15b8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:40:58.0035 0x15b8  tdx - ok
19:40:58.0043 0x15b8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
19:40:58.0049 0x15b8  TermDD - ok
19:40:58.0090 0x15b8  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
19:40:58.0107 0x15b8  TermService - ok
19:40:58.0135 0x15b8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
19:40:58.0144 0x15b8  Themes - ok
19:40:58.0150 0x15b8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
19:40:58.0170 0x15b8  THREADORDER - ok
19:40:58.0177 0x15b8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
19:40:58.0196 0x15b8  TrkWks - ok
19:40:58.0245 0x15b8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:40:58.0265 0x15b8  TrustedInstaller - ok
19:40:58.0288 0x15b8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:40:58.0295 0x15b8  tssecsrv - ok
19:40:58.0309 0x15b8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:40:58.0315 0x15b8  TsUsbFlt - ok
19:40:58.0317 0x15b8  tsusbhub - ok
19:40:58.0338 0x15b8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:40:58.0357 0x15b8  tunnel - ok
19:40:58.0380 0x15b8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
19:40:58.0386 0x15b8  uagp35 - ok
19:40:58.0425 0x15b8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:40:58.0447 0x15b8  udfs - ok
19:40:58.0474 0x15b8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:40:58.0482 0x15b8  UI0Detect - ok
19:40:58.0493 0x15b8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:40:58.0499 0x15b8  uliagpkx - ok
19:40:58.0515 0x15b8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
19:40:58.0522 0x15b8  umbus - ok
19:40:58.0554 0x15b8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
19:40:58.0560 0x15b8  UmPass - ok
19:40:58.0597 0x15b8  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:40:58.0607 0x15b8  UmRdpService - ok
19:40:58.0642 0x15b8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:40:58.0665 0x15b8  upnphost - ok
19:40:58.0708 0x15b8  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:40:58.0715 0x15b8  usbaudio - ok
19:40:58.0747 0x15b8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:40:58.0754 0x15b8  usbccgp - ok
19:40:58.0772 0x15b8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:40:58.0779 0x15b8  usbcir - ok
19:40:58.0812 0x15b8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:40:58.0819 0x15b8  usbehci - ok
19:40:58.0838 0x15b8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:40:58.0849 0x15b8  usbhub - ok
19:40:58.0862 0x15b8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:40:58.0869 0x15b8  usbohci - ok
19:40:58.0898 0x15b8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:40:58.0905 0x15b8  usbprint - ok
19:40:58.0927 0x15b8  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:40:58.0935 0x15b8  USBSTOR - ok
19:40:58.0946 0x15b8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:40:58.0952 0x15b8  usbuhci - ok
19:40:58.0975 0x15b8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:40:58.0994 0x15b8  UxSms - ok
19:40:59.0000 0x15b8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
19:40:59.0006 0x15b8  VaultSvc - ok
19:40:59.0058 0x15b8  [ 4006E66939B4D716C990256CF93D4BC1, 5E9366D8B684768B0188077C05B52B29D43B9A401A73D81045B9823458334223 ] VBAudioVACMME   C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys
19:40:59.0063 0x15b8  VBAudioVACMME - ok
19:40:59.0080 0x15b8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:40:59.0086 0x15b8  vdrvroot - ok
19:40:59.0125 0x15b8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:40:59.0151 0x15b8  vds - ok
19:40:59.0183 0x15b8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:40:59.0192 0x15b8  vga - ok
19:40:59.0200 0x15b8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:40:59.0219 0x15b8  VgaSave - ok
19:40:59.0220 0x15b8  VGPU - ok
19:40:59.0235 0x15b8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:40:59.0243 0x15b8  vhdmp - ok
19:40:59.0250 0x15b8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:40:59.0255 0x15b8  viaide - ok
19:40:59.0272 0x15b8  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:40:59.0281 0x15b8  vmbus - ok
19:40:59.0300 0x15b8  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:40:59.0306 0x15b8  VMBusHID - ok
19:40:59.0318 0x15b8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:40:59.0324 0x15b8  volmgr - ok
19:40:59.0350 0x15b8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:40:59.0360 0x15b8  volmgrx - ok
19:40:59.0370 0x15b8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:40:59.0379 0x15b8  volsnap - ok
19:40:59.0408 0x15b8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:40:59.0415 0x15b8  vsmraid - ok
19:40:59.0488 0x15b8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:40:59.0530 0x15b8  VSS - ok
19:40:59.0538 0x15b8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:40:59.0546 0x15b8  vwifibus - ok
19:40:59.0581 0x15b8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:40:59.0604 0x15b8  W32Time - ok
19:40:59.0628 0x15b8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:40:59.0635 0x15b8  WacomPen - ok
19:40:59.0654 0x15b8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:40:59.0672 0x15b8  WANARP - ok
19:40:59.0675 0x15b8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:40:59.0692 0x15b8  Wanarpv6 - ok
19:40:59.0756 0x15b8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:40:59.0785 0x15b8  wbengine - ok
19:40:59.0798 0x15b8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:40:59.0809 0x15b8  WbioSrvc - ok
19:40:59.0841 0x15b8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:40:59.0855 0x15b8  wcncsvc - ok
19:40:59.0880 0x15b8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:40:59.0887 0x15b8  WcsPlugInService - ok
19:40:59.0907 0x15b8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:40:59.0912 0x15b8  Wd - ok
19:40:59.0958 0x15b8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:40:59.0974 0x15b8  Wdf01000 - ok
19:40:59.0986 0x15b8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:40:59.0998 0x15b8  WdiServiceHost - ok
19:41:00.0001 0x15b8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:41:00.0012 0x15b8  WdiSystemHost - ok
19:41:00.0050 0x15b8  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
19:41:00.0065 0x15b8  WebClient - ok
19:41:00.0092 0x15b8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:41:00.0114 0x15b8  Wecsvc - ok
19:41:00.0131 0x15b8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:41:00.0152 0x15b8  wercplsupport - ok
19:41:00.0159 0x15b8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:41:00.0179 0x15b8  WerSvc - ok
19:41:00.0209 0x15b8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:41:00.0226 0x15b8  WfpLwf - ok
19:41:00.0234 0x15b8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:41:00.0240 0x15b8  WIMMount - ok
19:41:00.0251 0x15b8  WinDefend - ok
19:41:00.0263 0x15b8  WinHttpAutoProxySvc - ok
19:41:00.0323 0x15b8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:41:00.0345 0x15b8  Winmgmt - ok
19:41:00.0390 0x15b8  WinRing0_1_2_0 - ok
19:41:00.0473 0x15b8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:41:00.0523 0x15b8  WinRM - ok
19:41:00.0552 0x15b8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:41:00.0560 0x15b8  WinUsb - ok
19:41:00.0602 0x15b8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:41:00.0624 0x15b8  Wlansvc - ok
19:41:00.0644 0x15b8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:41:00.0651 0x15b8  WmiAcpi - ok
19:41:00.0680 0x15b8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:41:00.0689 0x15b8  wmiApSrv - ok
19:41:00.0710 0x15b8  WMPNetworkSvc - ok
19:41:00.0740 0x15b8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:41:00.0747 0x15b8  WPCSvc - ok
19:41:00.0774 0x15b8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:41:00.0783 0x15b8  WPDBusEnum - ok
19:41:00.0808 0x15b8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:41:00.0825 0x15b8  ws2ifsl - ok
19:41:00.0841 0x15b8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
19:41:00.0852 0x15b8  wscsvc - ok
19:41:00.0854 0x15b8  WSearch - ok
19:41:01.0065 0x15b8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:41:01.0107 0x15b8  wuauserv - ok
19:41:01.0122 0x15b8  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:41:01.0140 0x15b8  WudfPf - ok
19:41:01.0162 0x15b8  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:41:01.0182 0x15b8  WUDFRd - ok
19:41:01.0208 0x15b8  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:41:01.0227 0x15b8  wudfsvc - ok
19:41:01.0261 0x15b8  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:41:01.0275 0x15b8  WwanSvc - ok
19:41:01.0322 0x15b8  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
19:41:01.0340 0x15b8  xnacc - ok
19:41:01.0342 0x15b8  ================ Scan global ===============================
19:41:01.0379 0x15b8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:41:01.0401 0x15b8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:41:01.0412 0x15b8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:41:01.0443 0x15b8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:41:01.0464 0x15b8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:41:01.0468 0x15b8  [ Global ] - ok
19:41:01.0468 0x15b8  ================ Scan MBR ==================================
19:41:01.0479 0x15b8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:41:01.0600 0x15b8  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
19:41:01.0600 0x15b8  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:41:02.0869 0x1680  Object required for P2P: [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK
19:41:04.0280 0x15b8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
19:41:04.0431 0x15b8  \Device\Harddisk1\DR1 - ok
19:41:05.0086 0x15b8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
19:41:05.0168 0x15b8  \Device\Harddisk2\DR2 - ok
19:41:05.0168 0x15b8  ================ Scan VBR ==================================
19:41:05.0170 0x15b8  [ 632A3749F19F5B2BA85962E5567E19EB ] \Device\Harddisk0\DR0\Partition1
19:41:05.0171 0x15b8  \Device\Harddisk0\DR0\Partition1 - ok
19:41:05.0172 0x15b8  [ EFDD704EE2CD7B9694F0617C5443D0A5 ] \Device\Harddisk0\DR0\Partition2
19:41:05.0173 0x15b8  \Device\Harddisk0\DR0\Partition2 - ok
19:41:05.0174 0x15b8  [ A193457624ED7282A21297A34FCB2B87 ] \Device\Harddisk1\DR1\Partition1
19:41:05.0175 0x15b8  \Device\Harddisk1\DR1\Partition1 - ok
19:41:05.0176 0x15b8  [ 4EFA31740DC501FB6E91B21980F68E48 ] \Device\Harddisk2\DR2\Partition1
19:41:05.0241 0x15b8  \Device\Harddisk2\DR2\Partition1 - ok
19:41:05.0242 0x15b8  ================ Scan generic autorun ======================
19:41:05.0487 0x15b8  [ A433600D55D6C7E165954009FA0149E0, DCEE341BF3AC501E150D64C9BF7FA697939D03480DF7A14BA28ACCB17F638D1C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
19:41:05.0707 0x15b8  RTHDVCPL - ok
19:41:05.0911 0x15b8  [ 920D0E9C8DD3879B45A547C9081E425B, FD7C4443B8D085526221F93581F0CDFCB0A9D886EB7A0FF01054DD4EC9E4EEA5 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
19:41:06.0080 0x15b8  ISCT Tray - ok
19:41:06.0462 0x15b8  [ E96A89F58BE362CFE38EDD5D9613E72A, C1102FB2BDC93C963D8DB9D0D4107A547D5E2FFE32A2437E70D0A3D91D1CF526 ] C:\Program Files\Logitech Gaming Software\LCore.exe
19:41:06.0807 0x15b8  Launch LCore - ok
19:41:06.0885 0x15b8  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
19:41:06.0924 0x15b8  MSC - ok
19:41:06.0998 0x15b8  [ E4E7B29D050F5480071984FE6543C311, 9A4D8D1702AE74AB4FE4367EAF4AD6500F59D4F25B3CCACE3EF07613B7B5853C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
19:41:07.0010 0x15b8  USB3MON - ok
19:41:07.0097 0x15b8  [ B0FCC4B7BB21FA6112532D424EE1B1AD, 294EAD47F50C69A61D97AFB1A07BBC37D3FCA5F6DAABD05FF7372B282C2CD4EB ] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
19:41:07.0122 0x15b8  Super Charger - ok
19:41:07.0155 0x15b8  [ 12916E0642E92561C98B18A2A2D01B14, 4C28478CFE25E1F29AEF8BA6F2FAF3E6C2B34BF18CA77052813903E10ADDCCD5 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
19:41:07.0165 0x15b8  SunJavaUpdateSched - ok
19:41:07.0201 0x15b8  [ 3525994B92F56740C64B5412AEF1411D, 08FB7F8E1C34109699F9431D56CE0E502E165A01C7494BD7AE35A687C45CC942 ] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
19:41:07.0214 0x15b8  Copperhead - detected UnsignedFile.Multi.Generic ( 1 )
19:41:14.0202 0x15b8  Detect skipped due to KSN trusted
19:41:14.0202 0x15b8  Copperhead - ok
19:41:14.0344 0x15b8  [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
19:41:14.0365 0x15b8  Raptr - ok
19:41:14.0431 0x15b8  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
19:41:14.0455 0x15b8  StartCCC - ok
19:41:14.0522 0x15b8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:41:14.0559 0x15b8  Sidebar - ok
19:41:14.0587 0x15b8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:41:14.0609 0x15b8  mctadmin - ok
19:41:14.0639 0x15b8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
19:41:14.0665 0x15b8  Sidebar - ok
19:41:14.0671 0x15b8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
19:41:14.0681 0x15b8  mctadmin - ok
19:41:14.0768 0x15b8  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
19:41:14.0814 0x15b8  Sidebar - ok
19:41:14.0851 0x15b8  authenticator - ok
19:41:14.0851 0x15b8  Waiting for KSN requests completion. In queue: 195
19:41:15.0851 0x15b8  Waiting for KSN requests completion. In queue: 195
19:41:16.0852 0x15b8  Waiting for KSN requests completion. In queue: 195
19:41:17.0539 0x1680  Object send P2P result: true
19:41:17.0545 0x1680  Object required for P2P: [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial
19:41:17.0852 0x15b8  Waiting for KSN requests completion. In queue: 97
19:41:18.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:19.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:20.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:21.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:22.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:23.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:24.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:25.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:26.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:27.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:28.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:29.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:30.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:31.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:32.0852 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:33.0853 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:34.0853 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:35.0853 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:36.0853 0x15b8  Waiting for KSN requests completion. In queue: 90
19:41:37.0547 0x1680  Object send P2P result: false
19:41:37.0859 0x15b8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
19:41:37.0869 0x15b8  Win FW state via NFP2: enabled
19:41:40.0528 0x15b8  ============================================================
19:41:40.0528 0x15b8  Scan finished
19:41:40.0528 0x15b8  ============================================================
19:41:40.0532 0x1288  Detected object count: 1
19:41:40.0532 0x1288  Actual detected object count: 1
19:42:16.0986 0x1288  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:42:16.0986 0x1288  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
__________________

Edited by IIArtyII (05.02.2015 at 19:43). Reason: spelling

06.02.2015, 07:51   #4
schrauber
/// the machine
/// TB trainer
 




Quote:
19:42:16.0986 0x1288 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:42:16.0986 0x1288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Start TDSSkiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.02.2015, 09:25   #5
IIArtyII
 



Code:
ATTFilter
09:13:33.0743 0x118c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:13:36.0832 0x118c  ============================================================
09:13:36.0832 0x118c  Current date / time: 2015/02/06 09:13:36.0832
09:13:36.0832 0x118c  SystemInfo:
09:13:36.0832 0x118c  
09:13:36.0832 0x118c  OS Version: 6.1.7601 ServicePack: 1.0
09:13:36.0832 0x118c  Product type: Workstation
09:13:36.0832 0x118c  ComputerName: ARTY-PC
09:13:36.0832 0x118c  UserName: Arty
09:13:36.0832 0x118c  Windows directory: C:\Windows
09:13:36.0832 0x118c  System windows directory: C:\Windows
09:13:36.0832 0x118c  Running under WOW64
09:13:36.0832 0x118c  Processor architecture: Intel x64
09:13:36.0832 0x118c  Number of processors: 8
09:13:36.0832 0x118c  Page size: 0x1000
09:13:36.0832 0x118c  Boot type: Normal boot
09:13:36.0832 0x118c  ============================================================
09:13:39.0031 0x118c  KLMD registered as C:\Windows\system32\drivers\34344064.sys
09:13:39.0452 0x118c  System UUID: {D7F159AB-3360-B335-5E46-29ECA33905BD}
09:13:40.0092 0x118c  Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 ( 372.61 Gb ), SectorSize: 0x200, Cylinders: 0xC9E1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:13:40.0108 0x118c  Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:45.0100 0x118c  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:13:45.0100 0x118c  ============================================================
09:13:45.0100 0x118c  \Device\Harddisk0\DR0:
09:13:45.0100 0x118c  MBR partitions:
09:13:45.0100 0x118c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:13:45.0100 0x118c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2E905800
09:13:45.0100 0x118c  \Device\Harddisk1\DR1:
09:13:45.0100 0x118c  MBR partitions:
09:13:45.0100 0x118c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
09:13:45.0100 0x118c  \Device\Harddisk2\DR2:
09:13:45.0100 0x118c  MBR partitions:
09:13:45.0100 0x118c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
09:13:45.0100 0x118c  ============================================================
09:13:45.0146 0x118c  C: <-> \Device\Harddisk0\DR0\Partition2
09:13:45.0178 0x118c  D: <-> \Device\Harddisk0\DR0\Partition1
09:13:45.0193 0x118c  F: <-> \Device\Harddisk1\DR1\Partition1
09:13:45.0193 0x118c  G: <-> \Device\Harddisk2\DR2\Partition1
09:13:45.0193 0x118c  ============================================================
09:13:45.0193 0x118c  Initialize success
09:13:45.0193 0x118c  ============================================================
09:13:56.0207 0x0d08  ============================================================
09:13:56.0207 0x0d08  Scan started
09:13:56.0207 0x0d08  Mode: Manual; SigCheck; TDLFS; 
09:13:56.0207 0x0d08  ============================================================
09:13:56.0207 0x0d08  KSN ping started
09:13:58.0906 0x0d08  KSN ping finished: true
09:13:59.0888 0x0d08  ================ Scan system memory ========================
09:13:59.0888 0x0d08  System memory - ok
09:13:59.0888 0x0d08  ================ Scan services =============================
09:13:59.0966 0x0d08  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:14:00.0044 0x0d08  1394ohci - ok
09:14:00.0076 0x0d08  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:14:00.0091 0x0d08  ACPI - ok
09:14:00.0107 0x0d08  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:14:00.0185 0x0d08  AcpiPmi - ok
09:14:00.0232 0x0d08  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:14:00.0247 0x0d08  AdobeARMservice - ok
09:14:00.0325 0x0d08  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:14:00.0325 0x0d08  AdobeFlashPlayerUpdateSvc - ok
09:14:00.0372 0x0d08  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:14:00.0388 0x0d08  adp94xx - ok
09:14:00.0403 0x0d08  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:14:00.0419 0x0d08  adpahci - ok
09:14:00.0434 0x0d08  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:14:00.0450 0x0d08  adpu320 - ok
09:14:00.0466 0x0d08  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:14:00.0575 0x0d08  AeLookupSvc - ok
09:14:00.0606 0x0d08  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
09:14:00.0653 0x0d08  AFD - ok
09:14:00.0668 0x0d08  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:14:00.0684 0x0d08  agp440 - ok
09:14:00.0700 0x0d08  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:14:00.0746 0x0d08  ALG - ok
09:14:00.0762 0x0d08  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:14:00.0762 0x0d08  aliide - ok
09:14:00.0793 0x0d08  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:14:00.0824 0x0d08  AMD External Events Utility - ok
09:14:00.0856 0x0d08  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:14:00.0871 0x0d08  amdide - ok
09:14:00.0902 0x0d08  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:14:00.0934 0x0d08  AmdK8 - ok
09:14:01.0511 0x0d08  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:14:01.0854 0x0d08  amdkmdag - ok
09:14:01.0916 0x0d08  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:14:01.0963 0x0d08  amdkmdap - ok
09:14:01.0979 0x0d08  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:14:02.0010 0x0d08  AmdPPM - ok
09:14:11.0276 0x0d08  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:14:11.0292 0x0d08  mpsdrv - ok
09:14:11.0339 0x0d08  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:14:11.0386 0x0d08  MpsSvc - ok
09:14:11.0432 0x0d08  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:14:11.0464 0x0d08  MRxDAV - ok
09:14:11.0479 0x0d08  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:14:11.0526 0x0d08  mrxsmb - ok
09:14:11.0557 0x0d08  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:14:11.0573 0x0d08  mrxsmb10 - ok
09:14:11.0604 0x0d08  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:14:11.0604 0x0d08  mrxsmb20 - ok
09:14:11.0635 0x0d08  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:14:11.0635 0x0d08  msahci - ok
09:14:11.0651 0x0d08  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:14:11.0651 0x0d08  msdsm - ok
09:14:11.0666 0x0d08  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:14:11.0698 0x0d08  MSDTC - ok
09:14:11.0713 0x0d08  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:14:11.0729 0x0d08  Msfs - ok
09:14:11.0744 0x0d08  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:14:11.0776 0x0d08  mshidkmdf - ok
09:14:11.0776 0x0d08  MSICDSetup - ok
09:14:11.0807 0x0d08  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:14:11.0807 0x0d08  msisadrv - ok
09:14:11.0838 0x0d08  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:14:11.0885 0x0d08  MSiSCSI - ok
09:14:11.0885 0x0d08  msiserver - ok
09:14:11.0916 0x0d08  [ 6AFCD25B843D0C731B6987E39995AE72, FD0F2E15B0CEB1E558BD8A02D59B9002706A003049678281A446BC4398862B70 ] MSI_SuperCharger C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
09:14:11.0916 0x0d08  MSI_SuperCharger - ok
09:14:11.0947 0x0d08  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:14:11.0978 0x0d08  MSKSSRV - ok
09:14:12.0025 0x0d08  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:14:12.0025 0x0d08  MsMpSvc - ok
09:14:12.0041 0x0d08  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:14:12.0072 0x0d08  MSPCLOCK - ok
09:14:12.0088 0x0d08  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:14:12.0119 0x0d08  MSPQM - ok
09:14:12.0150 0x0d08  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:14:12.0166 0x0d08  MsRPC - ok
09:14:12.0181 0x0d08  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:14:12.0197 0x0d08  mssmbios - ok
09:14:12.0212 0x0d08  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:14:12.0259 0x0d08  MSTEE - ok
09:14:12.0259 0x0d08  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:14:12.0290 0x0d08  MTConfig - ok
09:14:12.0306 0x0d08  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:14:12.0306 0x0d08  Mup - ok
09:14:12.0337 0x0d08  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:14:12.0384 0x0d08  napagent - ok
09:14:12.0400 0x0d08  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:14:12.0431 0x0d08  NativeWifiP - ok
09:14:12.0478 0x0d08  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:14:12.0509 0x0d08  NDIS - ok
09:14:12.0524 0x0d08  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:14:12.0540 0x0d08  NdisCap - ok
09:14:12.0556 0x0d08  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:14:12.0587 0x0d08  NdisTapi - ok
09:14:12.0618 0x0d08  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:14:12.0649 0x0d08  Ndisuio - ok
09:14:12.0665 0x0d08  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:14:12.0712 0x0d08  NdisWan - ok
09:14:12.0712 0x0d08  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:14:12.0758 0x0d08  NDProxy - ok
09:14:12.0774 0x0d08  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:14:12.0805 0x0d08  NetBIOS - ok
09:14:12.0836 0x0d08  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:14:12.0868 0x0d08  NetBT - ok
09:14:12.0883 0x0d08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
09:14:12.0899 0x0d08  Netlogon - ok
09:14:12.0946 0x0d08  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:14:12.0977 0x0d08  Netman - ok
09:14:13.0008 0x0d08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:14:13.0008 0x0d08  NetMsmqActivator - ok
09:14:13.0024 0x0d08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:14:13.0039 0x0d08  NetPipeActivator - ok
09:14:13.0086 0x0d08  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:14:13.0133 0x0d08  netprofm - ok
09:14:13.0133 0x0d08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:14:13.0148 0x0d08  NetTcpActivator - ok
09:14:13.0148 0x0d08  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:14:13.0164 0x0d08  NetTcpPortSharing - ok
09:14:13.0211 0x0d08  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:14:13.0211 0x0d08  nfrd960 - ok
09:14:13.0242 0x0d08  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:14:13.0258 0x0d08  NisDrv - ok
09:14:13.0273 0x0d08  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
09:14:13.0289 0x0d08  NisSrv - ok
09:14:13.0336 0x0d08  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:14:13.0367 0x0d08  NlaSvc - ok
09:14:13.0382 0x0d08  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:14:13.0414 0x0d08  Npfs - ok
09:14:13.0429 0x0d08  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:14:13.0460 0x0d08  nsi - ok
09:14:13.0476 0x0d08  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:14:13.0507 0x0d08  nsiproxy - ok
09:14:13.0585 0x0d08  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:14:13.0616 0x0d08  Ntfs - ok
09:14:13.0648 0x0d08  [ 23CF3DA010497EB2BF39A5C5A57E437C, 39CFDE7D401EFCE4F550E0A9461F5FC4D71FA07235E1336E4F0B4882BD76550E ] NTIOLib_1_0_3   C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys
09:14:13.0663 0x0d08  NTIOLib_1_0_3 - ok
09:14:13.0663 0x0d08  NTIOLib_1_0_C - ok
09:14:13.0679 0x0d08  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:14:13.0710 0x0d08  Null - ok
09:14:13.0741 0x0d08  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:14:13.0741 0x0d08  nvraid - ok
09:14:13.0757 0x0d08  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:14:13.0772 0x0d08  nvstor - ok
09:14:13.0772 0x0d08  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:14:13.0788 0x0d08  nv_agp - ok
09:14:13.0804 0x0d08  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:14:13.0804 0x0d08  ohci1394 - ok
09:14:13.0897 0x0d08  [ 4F2ED8FB21F127DC1FA98D4CA2279E75, 96DB5DF9C55757EB2F761309036F87D8C55BAB2851FBB716A02A9248712CB13A ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
09:14:13.0944 0x0d08  Origin Client Service - ok
09:14:13.0991 0x0d08  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:14:14.0022 0x0d08  p2pimsvc - ok
09:14:14.0053 0x0d08  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:14:14.0069 0x0d08  p2psvc - ok
09:14:14.0100 0x0d08  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:14:14.0100 0x0d08  Parport - ok
09:14:14.0131 0x0d08  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:14:14.0147 0x0d08  partmgr - ok
09:14:14.0162 0x0d08  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:14:14.0194 0x0d08  PcaSvc - ok
09:14:14.0225 0x0d08  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:14:14.0240 0x0d08  pci - ok
09:14:14.0256 0x0d08  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:14:14.0256 0x0d08  pciide - ok
09:14:14.0287 0x0d08  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:14:14.0287 0x0d08  pcmcia - ok
09:14:14.0303 0x0d08  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:14:14.0318 0x0d08  pcw - ok
09:14:14.0350 0x0d08  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:14:14.0396 0x0d08  PEAUTH - ok
09:14:14.0443 0x0d08  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:14:14.0521 0x0d08  PeerDistSvc - ok
09:14:14.0584 0x0d08  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:14:14.0599 0x0d08  PerfHost - ok
09:14:14.0662 0x0d08  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:14:14.0724 0x0d08  pla - ok
09:14:14.0771 0x0d08  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:14:14.0802 0x0d08  PlugPlay - ok
09:14:14.0833 0x0d08  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
09:14:14.0849 0x0d08  PnkBstrA - ok
09:14:14.0880 0x0d08  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:14:14.0896 0x0d08  PNRPAutoReg - ok
09:14:14.0911 0x0d08  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:14:14.0927 0x0d08  PNRPsvc - ok
09:14:14.0974 0x0d08  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:14:15.0005 0x0d08  PolicyAgent - ok
09:14:15.0052 0x0d08  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:14:15.0083 0x0d08  Power - ok
09:14:15.0114 0x0d08  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:14:15.0145 0x0d08  PptpMiniport - ok
09:14:15.0145 0x0d08  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:14:15.0176 0x0d08  Processor - ok
09:14:15.0208 0x0d08  [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc         C:\Windows\system32\profsvc.dll
09:14:15.0239 0x0d08  ProfSvc - ok
09:14:15.0254 0x0d08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:14:15.0254 0x0d08  ProtectedStorage - ok
09:14:15.0286 0x0d08  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:14:15.0301 0x0d08  Psched - ok
09:14:15.0379 0x0d08  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:14:15.0426 0x0d08  ql2300 - ok
09:14:15.0442 0x0d08  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:14:15.0442 0x0d08  ql40xx - ok
09:14:15.0488 0x0d08  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:14:15.0520 0x0d08  QWAVE - ok
09:14:15.0535 0x0d08  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:14:15.0566 0x0d08  QWAVEdrv - ok
09:14:15.0582 0x0d08  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:14:15.0629 0x0d08  RasAcd - ok
09:14:15.0644 0x0d08  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:14:15.0660 0x0d08  RasAgileVpn - ok
09:14:15.0691 0x0d08  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:14:15.0738 0x0d08  RasAuto - ok
09:14:15.0769 0x0d08  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:14:15.0800 0x0d08  Rasl2tp - ok
09:14:15.0832 0x0d08  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:14:15.0878 0x0d08  RasMan - ok
09:14:15.0894 0x0d08  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:14:15.0925 0x0d08  RasPppoe - ok
09:14:15.0956 0x0d08  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:14:15.0972 0x0d08  RasSstp - ok
09:14:16.0019 0x0d08  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:14:16.0050 0x0d08  rdbss - ok
09:14:16.0081 0x0d08  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:14:16.0097 0x0d08  rdpbus - ok
09:14:16.0112 0x0d08  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:14:16.0144 0x0d08  RDPCDD - ok
09:14:16.0190 0x0d08  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:14:16.0237 0x0d08  RDPDR - ok
09:14:16.0268 0x0d08  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:14:16.0300 0x0d08  RDPENCDD - ok
09:14:16.0315 0x0d08  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:14:16.0331 0x0d08  RDPREFMP - ok
09:14:16.0393 0x0d08  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:14:16.0424 0x0d08  RdpVideoMiniport - ok
09:14:16.0456 0x0d08  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:14:16.0487 0x0d08  RDPWD - ok
09:14:16.0518 0x0d08  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:14:16.0534 0x0d08  rdyboost - ok
09:14:16.0565 0x0d08  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:14:16.0596 0x0d08  RemoteAccess - ok
09:14:16.0627 0x0d08  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:14:16.0658 0x0d08  RemoteRegistry - ok
09:14:16.0690 0x0d08  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:14:16.0721 0x0d08  RpcEptMapper - ok
09:14:16.0736 0x0d08  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:14:16.0752 0x0d08  RpcLocator - ok
09:14:16.0799 0x0d08  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
09:14:16.0830 0x0d08  RpcSs - ok
09:14:16.0861 0x0d08  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:14:16.0892 0x0d08  rspndr - ok
09:14:16.0939 0x0d08  [ AC4CA62572CA516945AB92D6C9F501F4, 6CB4178DD1ED3D8224EA1F91CAA00AFBC756DCA2DFD71F399B05E511E79D5150 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
09:14:16.0955 0x0d08  RTL8167 - ok
09:14:16.0970 0x0d08  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:14:17.0002 0x0d08  s3cap - ok
09:14:17.0017 0x0d08  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
09:14:17.0017 0x0d08  SamSs - ok
09:14:17.0048 0x0d08  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:14:17.0080 0x0d08  sbp2port - ok
09:14:17.0111 0x0d08  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:14:17.0142 0x0d08  SCardSvr - ok
09:14:17.0158 0x0d08  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:14:17.0189 0x0d08  scfilter - ok
09:14:17.0236 0x0d08  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
09:14:17.0314 0x0d08  Schedule - ok
09:14:17.0329 0x0d08  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:14:17.0360 0x0d08  SCPolicySvc - ok
09:14:17.0376 0x0d08  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:14:17.0407 0x0d08  SDRSVC - ok
09:14:17.0423 0x0d08  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:14:17.0454 0x0d08  secdrv - ok
09:14:17.0485 0x0d08  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
09:14:17.0516 0x0d08  seclogon - ok
09:14:17.0548 0x0d08  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
09:14:17.0579 0x0d08  SENS - ok
09:14:17.0579 0x0d08  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:14:17.0610 0x0d08  SensrSvc - ok
09:14:17.0610 0x0d08  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:14:17.0626 0x0d08  Serenum - ok
09:14:17.0641 0x0d08  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:14:17.0672 0x0d08  Serial - ok
09:14:17.0688 0x0d08  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:14:17.0719 0x0d08  sermouse - ok
09:14:17.0735 0x0d08  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:14:17.0766 0x0d08  SessionEnv - ok
09:14:17.0797 0x0d08  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:14:17.0813 0x0d08  sffdisk - ok
09:14:17.0828 0x0d08  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:14:17.0844 0x0d08  sffp_mmc - ok
09:14:17.0860 0x0d08  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:14:17.0875 0x0d08  sffp_sd - ok
09:14:17.0891 0x0d08  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:14:17.0922 0x0d08  sfloppy - ok
09:14:17.0969 0x0d08  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:14:18.0000 0x0d08  SharedAccess - ok
09:14:18.0047 0x0d08  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:14:18.0078 0x0d08  ShellHWDetection - ok
09:14:18.0094 0x0d08  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:14:18.0094 0x0d08  SiSRaid2 - ok
09:14:24.0334 0x0d08  ================ Scan global ===============================
09:14:24.0380 0x0d08  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:14:24.0396 0x0d08  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:14:24.0412 0x0d08  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:14:24.0443 0x0d08  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:14:24.0474 0x0d08  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:14:24.0474 0x0d08  [ Global ] - ok
09:14:24.0474 0x0d08  ================ Scan MBR ==================================
09:14:24.0474 0x0d08  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:14:24.0599 0x0d08  \Device\Harddisk0\DR0 - detected TDSS File System ( 1 )
09:14:24.0599 0x0d08  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:14:26.0954 0x0ae8  Object send P2P result: true
09:14:26.0970 0x0ae8  Object required for P2P: [ DDC86E4F8E7456261E637E3552E804FF ] rspndr
09:14:27.0344 0x0d08  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:14:27.0485 0x0d08  \Device\Harddisk1\DR1 - ok
09:14:27.0500 0x0d08  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
09:14:28.0218 0x0d08  \Device\Harddisk2\DR2 - ok
09:14:28.0218 0x0d08  ================ Scan VBR ==================================
09:14:28.0218 0x0d08  [ 632A3749F19F5B2BA85962E5567E19EB ] \Device\Harddisk0\DR0\Partition1
09:14:28.0234 0x0d08  \Device\Harddisk0\DR0\Partition1 - ok
09:14:28.0234 0x0d08  [ EFDD704EE2CD7B9694F0617C5443D0A5 ] \Device\Harddisk0\DR0\Partition2
09:14:28.0234 0x0d08  \Device\Harddisk0\DR0\Partition2 - ok
09:14:28.0234 0x0d08  [ A193457624ED7282A21297A34FCB2B87 ] \Device\Harddisk1\DR1\Partition1
09:14:28.0234 0x0d08  \Device\Harddisk1\DR1\Partition1 - ok
09:14:28.0234 0x0d08  [ 4EFA31740DC501FB6E91B21980F68E48 ] \Device\Harddisk2\DR2\Partition1
09:14:28.0312 0x0d08  \Device\Harddisk2\DR2\Partition1 - ok
09:14:28.0312 0x0d08  ================ Scan generic autorun ======================
09:14:28.0561 0x0d08  [ A433600D55D6C7E165954009FA0149E0, DCEE341BF3AC501E150D64C9BF7FA697939D03480DF7A14BA28ACCB17F638D1C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
09:14:28.0780 0x0d08  RTHDVCPL - ok
09:14:28.0982 0x0d08  [ 920D0E9C8DD3879B45A547C9081E425B, FD7C4443B8D085526221F93581F0CDFCB0A9D886EB7A0FF01054DD4EC9E4EEA5 ] C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
09:14:29.0154 0x0d08  ISCT Tray - ok
09:14:29.0497 0x0d08  [ E96A89F58BE362CFE38EDD5D9613E72A, C1102FB2BDC93C963D8DB9D0D4107A547D5E2FFE32A2437E70D0A3D91D1CF526 ] C:\Program Files\Logitech Gaming Software\LCore.exe
09:14:29.0825 0x0ae8  Object send P2P result: true
09:14:29.0825 0x0ae8  Object required for P2P: [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial
09:14:29.0840 0x0d08  Launch LCore - ok
09:14:29.0918 0x0d08  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
09:14:29.0965 0x0d08  MSC - ok
09:14:30.0012 0x0d08  [ E4E7B29D050F5480071984FE6543C311, 9A4D8D1702AE74AB4FE4367EAF4AD6500F59D4F25B3CCACE3EF07613B7B5853C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
09:14:30.0028 0x0d08  USB3MON - ok
09:14:30.0121 0x0d08  [ B0FCC4B7BB21FA6112532D424EE1B1AD, 294EAD47F50C69A61D97AFB1A07BBC37D3FCA5F6DAABD05FF7372B282C2CD4EB ] C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
09:14:30.0137 0x0d08  Super Charger - ok
09:14:30.0168 0x0d08  [ 12916E0642E92561C98B18A2A2D01B14, 4C28478CFE25E1F29AEF8BA6F2FAF3E6C2B34BF18CA77052813903E10ADDCCD5 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:14:30.0184 0x0d08  SunJavaUpdateSched - ok
09:14:30.0215 0x0d08  [ 3525994B92F56740C64B5412AEF1411D, 08FB7F8E1C34109699F9431D56CE0E502E165A01C7494BD7AE35A687C45CC942 ] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
09:14:30.0230 0x0d08  Copperhead - detected UnsignedFile.Multi.Generic ( 1 )
09:14:32.0602 0x0ae8  Object send P2P result: true
09:14:33.0148 0x0d08  Detect skipped due to KSN trusted
09:14:33.0148 0x0d08  Copperhead - ok
09:14:33.0210 0x0d08  [ ACFE2A5FBB735E6463B51D19A84B5C1E, ECCA84BD6E56C2370BBCF1EFE88F92649DF040C53D73711C5BBEF19962214119 ] C:\Program Files (x86)\Raptr\raptrstub.exe
09:14:33.0210 0x0d08  Raptr - ok
09:14:33.0257 0x0d08  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
09:14:33.0288 0x0d08  StartCCC - ok
09:14:33.0350 0x0d08  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:14:33.0413 0x0d08  Sidebar - ok
09:14:33.0444 0x0d08  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:14:33.0460 0x0d08  mctadmin - ok
09:14:33.0491 0x0d08  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:14:33.0522 0x0d08  Sidebar - ok
09:14:33.0522 0x0d08  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:14:33.0538 0x0d08  mctadmin - ok
09:14:33.0631 0x0d08  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
09:14:33.0678 0x0d08  Sidebar - ok
09:14:33.0725 0x0d08  authenticator - ok
09:14:33.0725 0x0d08  Waiting for KSN requests completion. In queue: 14
09:14:34.0739 0x0d08  Waiting for KSN requests completion. In queue: 14
09:14:35.0753 0x0d08  Waiting for KSN requests completion. In queue: 7
09:14:36.0767 0x0d08  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
09:14:36.0767 0x0d08  Win FW state via NFP2: enabled
09:14:39.0481 0x0d08  ============================================================
09:14:39.0481 0x0d08  Scan finished
09:14:39.0481 0x0d08  ============================================================
09:14:39.0481 0x0ce8  Detected object count: 1
09:14:39.0481 0x0ce8  Actual detected object count: 1
09:18:28.0316 0x0ce8  \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
09:18:28.0316 0x0ce8  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:18:28.0332 0x0ce8  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:18:28.0379 0x0ce8  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:18:28.0784 0x0ce8  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:18:28.0800 0x0ce8  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:18:28.0878 0x0ce8  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:18:28.0925 0x0ce8  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:18:28.0971 0x0ce8  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:18:29.0049 0x0ce8  \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
09:18:29.0049 0x0ce8  \Device\Harddisk0\DR0\TDLFS - deleted
09:18:29.0049 0x0ce8  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
         


06.02.2015, 10:50   #6
schrauber
/// the machine
/// TB trainer
 


hi,

Scan with Combofix
WARNING to READERS of this thread:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


06.02.2015, 11:19   #7
IIArtyII
 



I had ended MSE via the Task Manager. Combofix complained anyway. In the Task Manager I found the file "MsMpEng.exe", which I could not end.

I ran Combofix anyway.

No prompt to restart appeared.

Here is the log

Code:
ATTFilter
ComboFix 15-02-02.01 - Arty 06.02.2015  10:58:22.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.8125.6421 [GMT 1:00]
ausgeführt von:: c:\users\Arty\Desktop\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-06 bis 2015-02-06  ))))))))))))))))))))))))))))))
.
.
2015-02-06 10:11 . 2015-02-06 10:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-06 08:18 . 2015-02-06 08:18	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-02-06 00:03 . 2014-12-02 01:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8B38D444-828D-4C05-A219-0A805199D423}\mpengine.dll
2015-02-05 03:09 . 2015-02-05 16:27	--------	d-----w-	C:\FRST
2015-02-04 05:43 . 2014-12-02 01:26	11870360	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-03 12:06 . 2015-02-03 12:06	--------	d-----w-	c:\program files (x86)\AP Tuner
2015-01-31 19:25 . 2015-01-31 19:25	--------	d-----w-	c:\program files\Microsoft Silverlight
2015-01-31 19:25 . 2015-01-31 19:25	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2015-01-28 14:46 . 2015-02-03 09:48	--------	d-----w-	C:\AdwCleaner
2015-01-23 22:08 . 2015-01-23 22:52	--------	d-----w-	c:\users\Arty\AppData\Local\Warframe
2015-01-22 05:36 . 2015-01-09 16:16	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75E5A663-4F62-4B76-B7DC-121077B7C6F4}\gapaengine.dll
2015-01-20 10:12 . 2015-01-20 10:12	--------	d-----w-	c:\users\Arty\AppData\Local\CAPCOM
2015-01-16 02:43 . 2015-01-16 02:45	--------	d-----w-	c:\program files (x86)\MP3Gain
2015-01-16 02:41 . 2015-01-16 02:41	--------	d-----w-	c:\program files (x86)\Lame For Audacity
2015-01-16 02:36 . 2015-01-16 06:13	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2015-01-12 08:16 . 2015-01-14 02:26	--------	d--h--w-	c:\users\Arty\AppData\Roaming\Bother_fall
2015-01-11 05:43 . 2015-01-09 16:16	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-01-09 16:15 . 2015-01-09 16:15	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2015-01-09 16:15 . 2015-01-09 16:15	--------	d-----w-	c:\program files\Microsoft Security Client
2015-01-09 16:13 . 2015-01-09 16:14	--------	d-----w-	C:\OETemp
2015-01-09 13:27 . 2015-01-13 02:38	--------	d--h--w-	c:\users\Arty\AppData\Local\Angle-improve
2015-01-08 18:45 . 2015-01-09 16:10	--------	d--h--w-	c:\users\Arty\AppData\Roaming\Buttontrade
2015-01-08 16:49 . 2014-12-15 03:13	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E68AD17-595F-4E1C-8B60-26E059063755}\mpengine.dll
2015-01-08 16:49 . 2014-12-31 11:14	298120	------w-	c:\windows\system32\MpSigStub.exe
2015-01-08 13:11 . 2015-01-09 02:35	--------	d--h--w-	c:\users\Arty\AppData\Roaming\Jpeq
2015-01-08 12:45 . 2015-01-08 12:45	--------	d-----w-	c:\programdata\Battle.net
2015-01-08 12:40 . 2015-01-09 16:10	--------	d--h--w-	c:\users\Arty\AppData\Roaming\Botherattempt
2015-01-08 08:30 . 2015-01-13 11:15	--------	d-----w-	c:\programdata\mvyatvj
2015-01-07 16:16 . 2015-01-07 16:16	--------	d-----w-	c:\program files\VSTplugins
2015-01-07 16:16 . 2015-01-07 16:16	--------	d-----w-	c:\program files\Audiffex
2015-01-07 16:12 . 2015-01-07 16:12	--------	d-----w-	c:\windows\system32\IO
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 18:08 . 2014-10-24 05:08	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 18:08 . 2014-10-24 05:08	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 16:22 . 2014-10-24 16:02	129752	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-23 21:41 . 2014-12-03 22:03	174112	----a-w-	c:\windows\SysWow64\EasyAntiCheat.exe
2014-11-21 05:14 . 2014-10-24 16:02	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-10-24 16:02	93400	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-10-24 16:02	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-11-21 02:44 . 2014-12-28 09:30	128384	----a-w-	c:\windows\system32\amdhcp64.dll
2014-11-21 02:44 . 2014-12-28 09:30	118096	----a-w-	c:\windows\SysWow64\amdhcp32.dll
2014-11-21 02:44 . 2014-12-28 09:30	78432	----a-w-	c:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-12-28 09:30	78432	----a-w-	c:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-12-28 09:30	71704	----a-w-	c:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-12-28 09:30	71704	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2014-10-23 20:19	144328	----a-w-	c:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2014-12-28 09:30	126848	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-10-23 20:19	118096	----a-w-	c:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2014-10-23 20:19	100032	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:44 . 2014-10-23 20:19	1348928	----a-w-	c:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2014-10-23 20:19	1127496	----a-w-	c:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2014-10-23 20:19	11076784	----a-w-	c:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2014-12-28 09:30	9401480	----a-w-	c:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-10-23 20:19	7558816	----a-w-	c:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-10-23 20:19	7077776	----a-w-	c:\windows\SysWow64\atiumdag.dll
2014-11-21 02:43 . 2014-10-23 20:19	8379720	----a-w-	c:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-10-23 20:19	8369408	----a-w-	c:\windows\system32\atiumd64.dll
2014-11-21 02:41 . 2014-12-28 09:30	294600	----a-w-	c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-12-28 09:30	18959360	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-12-28 09:30	235008	----a-w-	c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-12-28 09:30	98816	----a-w-	c:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-12-28 09:30	83456	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-12-28 09:30	86528	----a-w-	c:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-12-28 09:30	73216	----a-w-	c:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-12-28 09:30	47899136	----a-w-	c:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-12-28 09:30	40987136	----a-w-	c:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-12-28 09:30	65024	----a-w-	c:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-12-28 09:30	58880	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-12-28 09:30	28354560	----a-w-	c:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-12-28 09:30	23621632	----a-w-	c:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-12-28 09:30	49664	----a-w-	c:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-12-28 09:30	38912	----a-w-	c:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-12-28 09:30	127488	----a-w-	c:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-12-28 09:30	113664	----a-w-	c:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-12-28 09:30	5837312	----a-w-	c:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-12-28 09:30	367104	----a-w-	c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-12-28 09:30	62464	----a-w-	c:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-12-28 09:30	52224	----a-w-	c:\windows\SysWow64\aticalrt.dll
2014-11-21 02:16 . 2014-12-28 09:30	55808	----a-w-	c:\windows\system32\aticalcl64.dll
2014-11-21 02:16 . 2014-12-28 09:30	49152	----a-w-	c:\windows\SysWow64\aticalcl.dll
2014-11-21 02:16 . 2014-12-28 09:30	15716352	----a-w-	c:\windows\system32\aticaldd64.dll
2014-11-21 02:16 . 2014-12-28 09:30	14302208	----a-w-	c:\windows\SysWow64\aticaldd.dll
2014-11-21 02:15 . 2014-12-28 09:30	4590592	----a-w-	c:\windows\SysWow64\amdmantle32.dll
2014-11-21 02:13 . 2014-12-28 09:30	91648	----a-w-	c:\windows\system32\mantleaxl64.dll
2014-11-21 02:13 . 2014-12-28 09:30	85504	----a-w-	c:\windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12 . 2014-12-28 09:30	31232	----a-w-	c:\windows\system32\atimuixx.dll
2014-11-21 02:12 . 2014-10-23 20:19	442368	----a-w-	c:\windows\system32\atidemgy.dll
2014-11-21 02:12 . 2014-12-28 09:30	774656	----a-w-	c:\windows\system32\atieclxx.exe
2014-11-21 02:12 . 2014-12-28 09:30	244736	----a-w-	c:\windows\system32\atiesrxx.exe
2014-11-21 02:12 . 2014-12-28 09:30	190976	----a-w-	c:\windows\system32\atitmm64.dll
2014-11-21 02:10 . 2014-12-28 09:30	843776	----a-w-	c:\windows\system32\coinst_14.50.dll
2014-11-21 02:09 . 2014-12-28 09:30	95744	----a-w-	c:\windows\system32\amdave64.dll
2014-11-21 02:09 . 2014-10-23 20:19	90112	----a-w-	c:\windows\SysWow64\amdave32.dll
2014-11-21 02:09 . 2014-12-28 09:30	89088	----a-w-	c:\windows\system32\atisamu64.dll
2014-11-21 02:09 . 2014-12-28 09:30	80896	----a-w-	c:\windows\SysWow64\atisamu32.dll
2014-11-21 02:09 . 2014-10-23 20:19	1214976	----a-w-	c:\windows\system32\atiadlxx.dll
2014-11-21 02:09 . 2014-12-28 09:30	903168	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2014-11-21 02:09 . 2014-12-28 09:30	75264	----a-w-	c:\windows\system32\atig6pxx.dll
2014-11-21 02:09 . 2014-12-28 09:30	69632	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2014-11-21 02:09 . 2014-12-28 09:30	69632	----a-w-	c:\windows\system32\atiglpxx.dll
2014-11-21 02:08 . 2014-12-28 09:30	146944	----a-w-	c:\windows\system32\atig6txx.dll
2014-11-21 02:08 . 2014-12-28 09:30	133632	----a-w-	c:\windows\SysWow64\atigktxx.dll
2014-11-21 02:08 . 2014-12-28 09:30	589312	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2014-11-21 02:08 . 2014-12-28 09:30	43520	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2014-11-20 20:36 . 2014-11-20 20:36	51200	----a-w-	c:\windows\system32\kdbsdk64.dll
2014-11-20 20:35 . 2014-11-20 20:35	38912	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
2014-11-20 13:03 . 2014-11-10 15:15	215416	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-11-18 15:20 . 2014-11-10 15:15	215416	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-11-10 16:50 . 2014-11-10 16:50	76152	----a-w-	c:\windows\system32\PnkBstrA.exe
2014-11-10 15:15 . 2014-11-10 15:15	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-02-21 292848]
"Super Charger"="c:\program files (x86)\MSI\Super Charger\Super Charger.exe" [2014-04-08 1047536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2009-11-19 135168]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-01-30 55568]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBAudioVACMME;VB-Audio Virtual Cable (WDM);c:\windows\system32\DRIVERS\vbaudio_cable64_win7.sys;c:\windows\SYSNATIVE\DRIVERS\vbaudio_cable64_win7.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super Charger\ChargeService.exe;c:\program files (x86)\MSI\Super Charger\ChargeService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys;c:\windows\SYSNATIVE\drivers\copperhd.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super Charger\NTIOLib_X64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Arty\AppData\Local\Temp\tmpA7E2.tmp;c:\users\Arty\AppData\Local\Temp\tmpA7E2.tmp [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-06 00:13	1086280	----a-w-	c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-24 18:08]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 15:56]
.
2015-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 15:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-03-04 7543000]
"ISCT Tray"="c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe" [2014-02-21 5860656]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-09-16 11877656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-authenticator - c:\programdata\Battle.net\Agent\Agent.3634\Logs\proxy\social.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
AddRemove-Steam App 218620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 250620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 252490 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 730 - c:\program files (x86)\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Arty\AppData\Local\Temp\tmpA7E2.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@DACL=(02 0000)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-06  11:12:50
ComboFix-quarantined-files.txt  2015-02-06 10:12
.
Vor Suchlauf: 17 Verzeichnis(se), 213.298.884.608 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 216.651.612.160 Bytes frei
.
- - End Of File - - A26CFF31586BC2688FE54DED45FE8817
A36C5E4F47E84449FF07ED3517B43A31
         
I'll be back from this evening for any further steps. Work is calling.

06.02.2015, 14:34   #8
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

06.02.2015, 23:10   #9
IIArtyII

Do you have a link where I can read up on what exactly infected me?
I would be really keen to know.

Here are the logs

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.02.2015
Suchlauf-Zeit: 22:40:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.06.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Arty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350315
Verstrichene Zeit: 12 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 22:56:33
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Arty - ARTY-PC
# Gestarted von : C:\Users\Arty\Desktop\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [2382 Bytes] - [28/01/2015 15:46:56]
AdwCleaner[R1].txt - [1082 Bytes] - [03/02/2015 10:47:02]
AdwCleaner[R2].txt - [1067 Bytes] - [06/02/2015 22:55:36]
AdwCleaner[S0].txt - [2354 Bytes] - [28/01/2015 15:48:02]
AdwCleaner[S1].txt - [1144 Bytes] - [03/02/2015 10:48:09]
AdwCleaner[S2].txt - [991 Bytes] - [06/02/2015 22:56:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1049  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Arty on 06.02.2015 at 23:01:20,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Arty\AppData\Roaming\mozilla\firefox\profiles\aftrhdfa.default-1414168415968\minidumps [41 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 23:03:11,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Arty (administrator) on ARTY-PC on 06-02-2015 23:04:56
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Razer\Copperhead\razertra.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-768761217-1181827061-3865430075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml

Chrome: 
=======
CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08]
CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08]
CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08]
CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpED4A.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 23:03 - 2015-02-06 23:03 - 00000765 _____ () C:\Users\Arty\Desktop\JRT.txt
2015-02-06 22:59 - 2015-02-06 22:59 - 00001129 _____ () C:\Users\Arty\Desktop\AdwCleaner[S2].txt
2015-02-06 22:53 - 2015-02-06 22:53 - 00001200 _____ () C:\Users\Arty\Desktop\mbam.txt
2015-02-06 11:13 - 2015-02-06 11:13 - 00020721 _____ () C:\Users\Arty\Desktop\combofix.txt
2015-02-06 11:12 - 2015-02-06 11:12 - 00020721 _____ () C:\ComboFix.txt
2015-02-06 10:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-06 10:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-06 10:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-06 10:55 - 2015-02-06 11:12 - 00000000 ____D () C:\Qoobox
2015-02-06 10:54 - 2015-02-06 11:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-06 09:32 - 2015-02-06 09:32 - 00006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2015-02-06 09:19 - 2015-02-06 09:19 - 00103613 _____ () C:\Users\Arty\Desktop\tdss.txt
2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 _____ () C:\Users\Arty\Desktop\Neues Textdokument.txt
2015-02-05 17:47 - 2015-02-05 17:47 - 00009718 _____ () C:\Users\Arty\Desktop\gmer.log
2015-02-05 17:28 - 2015-02-05 17:28 - 00038783 _____ () C:\Users\Arty\Desktop\Addition.txt
2015-02-05 17:27 - 2015-02-05 17:27 - 00025819 _____ () C:\Users\Arty\Desktop\FRST.txt
2015-02-05 17:27 - 2015-02-05 17:27 - 00000470 _____ () C:\Users\Arty\Desktop\defogger_disable.log
2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable
2015-02-05 04:09 - 2015-02-06 23:04 - 00000000 ____D () C:\FRST
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner
2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk
2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-28 15:46 - 2015-02-06 22:56 - 00000000 ____D () C:\AdwCleaner
2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe
2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM
2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM
2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall
2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp
2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F}
2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve
2015-01-08 19:45 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade
2015-01-08 17:49 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-08 14:11 - 2015-01-09 03:35 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq
2015-01-08 13:45 - 2015-01-08 13:45 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-08 13:40 - 2015-01-09 17:10 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt
2015-01-08 09:30 - 2015-01-13 12:15 - 00000000 ____D () C:\ProgramData\mvyatvj
2015-01-08 09:13 - 2015-01-29 20:14 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith
2015-01-07 17:21 - 2015-01-07 17:21 - 00000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiffex
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\VSTplugins
2015-01-07 17:16 - 2015-01-07 17:16 - 00000000 ____D () C:\Program Files\Audiffex
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\IO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 23:03 - 2014-10-23 19:47 - 01235593 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 22:59 - 2014-10-23 21:00 - 00043742 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-06 22:58 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr
2015-02-06 22:58 - 2009-07-14 05:51 - 00115540 _____ () C:\Windows\setupact.log
2015-02-06 22:57 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 22:57 - 2014-10-23 20:54 - 00337784 _____ () C:\Windows\PFRO.log
2015-02-06 22:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 22:56 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 22:56 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 22:40 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 22:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 22:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 11:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-06 11:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-06 09:32 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0
2015-02-06 09:32 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8
2015-02-06 09:32 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity
2015-02-06 01:17 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 01:17 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype
2015-02-06 01:16 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net
2015-02-06 01:14 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-05 19:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 19:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 19:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty
2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui
2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker
2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log
2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat
2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat
2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe
2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk
2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker
2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft
2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-08 08:09 - 2014-10-23 21:11 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini
2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-02-06 09:32 - 2015-02-06 09:32 - 0006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg
2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Arty\AppData\Local\Temp\Quarantine.exe
C:\Users\Arty\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================
         

07.02.2015, 12:30   #10
schrauber
/// the machine
/// TB-Ausbilder

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

08.02.2015, 00:23   #11
IIArtyII

Man oh man, a warning about how long the ESET scanner takes would have been quite helpful.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8451ef8a53d64c41a2a0e657a32cf886
# engine=22359
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-07 11:16:13
# local_time=2015-02-08 12:16:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2534456 46331367 0 0
# scanned=224910
# found=1
# cleaned=0
# scan_time=5110
sh=F8B02F66C8324F55FA16363C3956C193E9C45372 ft=1 fh=2311c5a1e677fa6d vn="Win64/Olmarik.AMO Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\06.02.2015_09.13.36\tdlfs0000\tsk0004.dta"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 17  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
 Mozilla Thunderbird (31.4.0) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Arty (administrator) on ARTY-PC on 08-02-2015 00:19:21
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
() C:\Program Files (x86)\Razer\Copperhead\razertra.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-768761217-1181827061-3865430075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml

Chrome: 
=======
CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08]
CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08]
CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08]
CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpBC7B.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 22:43 - 2015-02-07 22:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-07 22:41 - 2015-02-07 22:41 - 00000988 _____ () C:\Users\Arty\Desktop\securitycheck.txt
2015-02-06 23:18 - 2015-02-06 23:18 - 00000000 ____D () C:\Users\Arty\AppData\Local\Steam
2015-02-06 23:03 - 2015-02-06 23:03 - 00000765 _____ () C:\Users\Arty\Desktop\JRT.txt
2015-02-06 22:59 - 2015-02-06 22:59 - 00001129 _____ () C:\Users\Arty\Desktop\AdwCleaner[S2].txt
2015-02-06 22:53 - 2015-02-06 22:53 - 00001200 _____ () C:\Users\Arty\Desktop\mbam.txt
2015-02-06 11:13 - 2015-02-06 11:13 - 00020721 _____ () C:\Users\Arty\Desktop\combofix.txt
2015-02-06 11:12 - 2015-02-06 11:12 - 00020721 _____ () C:\ComboFix.txt
2015-02-06 10:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-06 10:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-06 10:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-06 10:55 - 2015-02-06 11:12 - 00000000 ____D () C:\Qoobox
2015-02-06 10:54 - 2015-02-06 11:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-06 09:32 - 2015-02-06 09:32 - 00006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2015-02-06 09:19 - 2015-02-06 09:19 - 00103613 _____ () C:\Users\Arty\Desktop\tdss.txt
2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 _____ () C:\Users\Arty\Desktop\Neues Textdokument.txt
2015-02-05 17:47 - 2015-02-05 17:47 - 00009718 _____ () C:\Users\Arty\Desktop\gmer.log
2015-02-05 17:28 - 2015-02-05 17:28 - 00038783 _____ () C:\Users\Arty\Desktop\Addition.txt
2015-02-05 17:27 - 2015-02-05 17:27 - 00025819 _____ () C:\Users\Arty\Desktop\FRST.txt
2015-02-05 17:27 - 2015-02-05 17:27 - 00000470 _____ () C:\Users\Arty\Desktop\defogger_disable.log
2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable
2015-02-05 04:09 - 2015-02-08 00:19 - 00000000 ____D () C:\FRST
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner
2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk
2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-28 15:46 - 2015-02-06 22:56 - 00000000 ____D () C:\AdwCleaner
2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe
2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM
2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM
2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall
2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp
2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F}
2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 00:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 00:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 00:04 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 00:04 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 20:12 - 2014-10-23 19:47 - 01338227 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 18:33 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr
2015-02-07 14:12 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 06:34 - 2014-10-23 21:00 - 00049471 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-07 06:33 - 2009-07-14 05:51 - 00116254 _____ () C:\Windows\setupact.log
2015-02-07 06:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-07 00:07 - 2015-01-08 09:13 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith
2015-02-06 22:57 - 2014-10-23 20:54 - 00337784 _____ () C:\Windows\PFRO.log
2015-02-06 22:40 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 11:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-06 11:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-06 09:32 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0
2015-02-06 09:32 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8
2015-02-06 09:32 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity
2015-02-06 01:17 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 01:17 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype
2015-02-06 01:16 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net
2015-02-06 01:14 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-05 19:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 19:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 19:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty
2015-02-05 17:26 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui
2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 03:51 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker
2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log
2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat
2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat
2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 12:15 - 2015-01-08 09:30 - 00000000 ____D () C:\ProgramData\mvyatvj
2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe
2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk
2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker
2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft
2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 17:10 - 2015-01-08 19:45 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade
2015-01-09 17:10 - 2015-01-08 13:40 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt
2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 03:35 - 2015-01-08 14:11 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq

==================== Files in the root of some directories =======

2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini
2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-02-06 09:32 - 2015-02-06 09:32 - 0006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg
2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Arty\AppData\Local\Temp\Quarantine.exe
C:\Users\Arty\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================
         

Alt 08.02.2015, 11:38   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




A fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 08.02.2015, 11:53   #13
IIArtyII
 



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Arty at 2015-02-08 11:43:25 Run:1
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
Emptytemp:
         
*****************


Fehler beim L”schen des angegebenen Datenelements.
Element nicht gefunden.

Fehler beim L”schen des angegebenen Datenelements.
Element nicht gefunden.
EmptyTemp: => Removed 1.6 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:43:40 ====
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Arty (administrator) on ARTY-PC on 08-02-2015 11:51:13
Running from C:\Users\Arty\Desktop\Downloads
Loaded Profiles: Arty (Available profiles: Arty)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(AddGadgets) C:\Users\Arty\Desktop\PCMeterV4\PCMeterV0.4.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
() C:\Program Files (x86)\Razer\Copperhead\razertra.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-02-21] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1047536 2014-04-08] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Copperhead] => C:\Program Files (x86)\Razer\Copperhead\razerhid.exe [135168 2009-11-19] ()
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-01-30] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-768761217-1181827061-3865430075-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-768761217-1181827061-3865430075-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Arty\AppData\Roaming\Mozilla\Firefox\Profiles\aftrhdfa.default-1414168415968\searchplugins\e498ac08-57ad-4b76-8919-d0470056cda3.xml

Chrome: 
=======
CHR Profile: C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-01-08]
CHR Extension: (Google Docs) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-08]
CHR Extension: (Google Drive) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-08]
CHR Extension: (YouTube) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-08]
CHR Extension: (Google-Suche) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-08]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2015-01-08]
CHR Extension: (CyberGhost VPN - Kostenloser Proxy) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbnikgemihknccdjaihjnfbapinljpi [2015-01-08]
CHR Extension: (Google Tabellen) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-08]
CHR Extension: (Avira Browserschutz) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-01-08]
CHR Extension: (Counter Strike: Global Offensive - Theme) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmaihllcpbdicdhadfffflhopaijpif [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-08]
CHR Extension: (Google Mail) - C:\Users\Arty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-23] (EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [162800 2014-03-17] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-11-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 copperhd; C:\Windows\System32\drivers\copperhd.sys [14336 2009-11-10] (Razer (Asia-Pacific) Pte Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\Arty\AppData\Local\Temp\tmpA237.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 22:41 - 2015-02-07 22:41 - 00000988 _____ () C:\Users\Arty\Desktop\securitycheck.txt
2015-02-06 23:18 - 2015-02-06 23:18 - 00000000 ____D () C:\Users\Arty\AppData\Local\Steam
2015-02-06 23:03 - 2015-02-06 23:03 - 00000765 _____ () C:\Users\Arty\Desktop\JRT.txt
2015-02-06 22:59 - 2015-02-06 22:59 - 00001129 _____ () C:\Users\Arty\Desktop\AdwCleaner[S2].txt
2015-02-06 22:53 - 2015-02-06 22:53 - 00001200 _____ () C:\Users\Arty\Desktop\mbam.txt
2015-02-06 11:13 - 2015-02-06 11:13 - 00020721 _____ () C:\Users\Arty\Desktop\combofix.txt
2015-02-06 11:12 - 2015-02-06 11:12 - 00020721 _____ () C:\ComboFix.txt
2015-02-06 10:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-06 10:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-06 10:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-06 10:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-06 10:55 - 2015-02-06 11:12 - 00000000 ____D () C:\Qoobox
2015-02-06 10:54 - 2015-02-06 11:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-06 09:32 - 2015-02-06 09:32 - 00006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2015-02-06 09:19 - 2015-02-06 09:19 - 00103613 _____ () C:\Users\Arty\Desktop\tdss.txt
2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-06 09:18 - 2015-02-06 09:18 - 00000000 _____ () C:\Users\Arty\Desktop\Neues Textdokument.txt
2015-02-05 17:47 - 2015-02-05 17:47 - 00009718 _____ () C:\Users\Arty\Desktop\gmer.log
2015-02-05 17:28 - 2015-02-05 17:28 - 00038783 _____ () C:\Users\Arty\Desktop\Addition.txt
2015-02-05 17:27 - 2015-02-08 00:20 - 00027158 _____ () C:\Users\Arty\Desktop\FRST.txt
2015-02-05 17:27 - 2015-02-05 17:27 - 00000470 _____ () C:\Users\Arty\Desktop\defogger_disable.log
2015-02-05 17:27 - 2015-02-05 17:27 - 00000000 _____ () C:\Users\Arty\defogger_reenable
2015-02-05 04:09 - 2015-02-08 11:51 - 00000000 ____D () C:\FRST
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
2015-02-03 13:06 - 2015-02-03 13:06 - 00000000 ____D () C:\Program Files (x86)\AP Tuner
2015-02-03 10:52 - 2015-02-03 10:52 - 00001990 _____ () C:\Users\Arty\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-02-03 10:52 - 2015-02-03 10:52 - 00001930 _____ () C:\Users\Arty\Desktop\Avira EU-Cleaner.lnk
2015-02-02 10:25 - 2015-02-02 10:25 - 00000000 ____D () C:\Users\Arty\Documents\Remedy
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-31 20:25 - 2015-01-31 20:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-28 15:46 - 2015-02-06 22:56 - 00000000 ____D () C:\AdwCleaner
2015-01-27 06:50 - 2015-01-27 06:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 23:08 - 2015-01-23 23:52 - 00000000 ____D () C:\Users\Arty\AppData\Local\Warframe
2015-01-20 11:12 - 2015-01-20 11:12 - 00000000 ____D () C:\Users\Arty\AppData\Local\CAPCOM
2015-01-16 03:43 - 2015-01-16 03:45 - 00000000 ____D () C:\Program Files (x86)\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:43 - 2015-01-16 03:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2015-01-16 03:41 - 2015-01-16 03:41 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-01-16 03:36 - 2015-01-16 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-13 03:55 - 2015-01-13 03:55 - 00001198 _____ () C:\Users\Arty\Desktop\Default.SSM
2015-01-12 09:16 - 2015-01-14 03:26 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Bother_fall
2015-01-09 17:15 - 2015-01-09 17:15 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-09 17:15 - 2015-01-09 17:15 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-01-09 17:15 - 2015-01-09 17:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-01-09 17:13 - 2015-01-09 17:14 - 00000000 ____D () C:\OETemp
2015-01-09 17:12 - 2015-01-09 17:12 - 00003124 _____ () C:\Windows\System32\Tasks\{44DE53B5-4ED3-4FDD-9369-00EAFC1F006F}
2015-01-09 14:27 - 2015-01-13 03:38 - 00000000 ___HD () C:\Users\Arty\AppData\Local\Angle-improve

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-08 11:47 - 2014-10-23 21:00 - 00044310 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-08 11:46 - 2014-10-23 18:17 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Raptr
2015-02-08 11:45 - 2009-07-14 05:51 - 00117682 _____ () C:\Windows\setupact.log
2015-02-08 11:44 - 2014-10-24 16:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 11:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 11:43 - 2014-10-23 19:47 - 01480252 _____ () C:\Windows\WindowsUpdate.log
2015-02-08 11:43 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:43 - 2009-07-14 05:45 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 11:12 - 2014-10-24 16:56 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 11:08 - 2014-12-12 12:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 06:32 - 2014-10-23 20:54 - 00338594 _____ () C:\Windows\PFRO.log
2015-02-08 03:29 - 2014-10-23 21:53 - 00000000 ____D () C:\Users\Arty\Desktop\Megui
2015-02-08 00:31 - 2014-10-23 22:02 - 00000000 ____D () C:\Program Files (x86)\SagaraS Scriptmaker
2015-02-07 00:07 - 2015-01-08 09:13 - 00000000 ____D () C:\Users\Arty\Desktop\rocksmith
2015-02-06 22:40 - 2014-10-24 17:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 11:12 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-06 11:11 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-06 09:32 - 2014-10-26 13:36 - 00000000 ____D () C:\Users\Arty\AppData\Local\gtk-2.0
2015-02-06 09:32 - 2014-10-26 13:35 - 00000000 ____D () C:\Users\Arty\.gimp-2.8
2015-02-06 09:32 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Audacity
2015-02-06 01:17 - 2014-10-23 21:27 - 00000000 ____D () C:\ProgramData\Origin
2015-02-06 01:17 - 2014-10-23 21:11 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Skype
2015-02-06 01:16 - 2014-10-23 21:43 - 00000000 ____D () C:\Users\Arty\AppData\Local\Battle.net
2015-02-06 01:14 - 2014-10-24 16:58 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 22:30 - 2014-10-23 21:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-05 19:08 - 2014-12-12 12:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 19:08 - 2014-10-24 06:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 19:08 - 2014-10-24 06:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 17:27 - 2014-10-23 20:01 - 00000000 ____D () C:\Users\Arty
2015-02-05 14:07 - 2014-10-24 16:56 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 14:07 - 2014-10-24 16:56 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 10:24 - 2014-10-23 18:21 - 00166978 _____ () C:\Windows\DirectX.log
2015-01-31 10:52 - 2014-10-23 18:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-01-30 03:48 - 2009-07-14 18:58 - 00699446 _____ () C:\Windows\system32\perfh007.dat
2015-01-30 03:48 - 2009-07-14 18:58 - 00149586 _____ () C:\Windows\system32\perfc007.dat
2015-01-30 03:48 - 2009-07-14 06:13 - 01620740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 15:48 - 2014-10-23 20:03 - 00001194 _____ () C:\Users\Arty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-27 09:30 - 2014-10-23 21:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 16:36 - 2014-10-23 21:46 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-13 12:15 - 2015-01-08 09:30 - 00000000 ____D () C:\ProgramData\mvyatvj
2015-01-13 07:54 - 2014-10-24 06:09 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\Adobe
2015-01-13 03:56 - 2014-10-23 22:03 - 00001169 _____ () C:\Users\Arty\Desktop\SagaraS Scriptmaker.lnk
2015-01-13 03:56 - 2014-10-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SagaraS Scriptmaker
2015-01-13 03:56 - 2014-10-23 21:32 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2015-01-10 15:07 - 2014-11-05 20:28 - 00000000 ____D () C:\Users\Arty\AppData\Roaming\.minecraft
2015-01-10 06:32 - 2014-10-23 21:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-10 06:32 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 17:14 - 2014-10-23 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 17:10 - 2015-01-08 19:45 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Buttontrade
2015-01-09 17:10 - 2015-01-08 13:40 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Botherattempt
2015-01-09 17:07 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-01-09 16:51 - 2014-10-24 17:02 - 00001128 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 16:51 - 2014-10-24 17:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-09 03:35 - 2015-01-08 14:11 - 00000000 ___HD () C:\Users\Arty\AppData\Roaming\Jpeq

==================== Files in the root of some directories =======

2014-10-23 22:00 - 2014-11-29 19:45 - 0000624 _____ () C:\Users\Arty\AppData\Roaming\All CPU MeterV3_Settings.ini
2014-10-23 21:23 - 2014-10-23 21:41 - 0000290 _____ () C:\Users\Arty\AppData\Roaming\GPU MeterV2_Settings.ini
2015-01-07 17:21 - 2015-01-07 17:21 - 0000013 _____ () C:\Users\Arty\AppData\Roaming\pref.ga
2015-02-06 09:32 - 2015-02-06 09:32 - 0006290 _____ () C:\Users\Arty\AppData\Local\recently-used.xbel
2014-11-10 19:26 - 2014-11-10 19:35 - 0007602 _____ () C:\Users\Arty\AppData\Local\Resmon.ResmonCfg
2014-10-23 20:52 - 2014-10-23 20:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2015-02-03 08:41

==================== End Of Log ============================
         

Regarding the testsigning and integrity check: could this have to do with the fact that my Windows is currently only running as a trial version?

Edited by IIArtyII (08.02.2015 at 12:01). Reason: note

08.02.2015, 16:24   #14
schrauber
/// the machine
/// TB trainer

I'm assuming that it isn't running that way on purpose, is it?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


08.02.2015, 16:34   #15
IIArtyII

Yes, it actually is. Since I renovated my flat last summer and cleared out quite a lot along the way, I can no longer find my key. In November I upgraded my PC, and since then only the trial version has been running. Now I still have 15 days to buy a new one.
